Hello
I just ran a security check on our server and it showed this :
OpenSSH < 3.1 Channel Code Off by One Remote Privilege Escalation
ssh (22/tcp)
Synopsis:
Arbitrary code may be run on the remote host.
Description:
You are running a version of OpenSSH which is older than 3.1.
Versions prior than 3.1 are vulnerable to an off by one error that allows local users to gain root access, and it may be possible for remote users to
similarly compromise the daemon for remote access.
In addition, a vulnerable SSH client may be compromised by connecting to a malicious SSH daemon that exploits this vulnerability in the client code,
thus compromising the client system.
Solution:
Upgrade to OpenSSH 3.1 or apply the patch for prior versions. (See: http://www.openssh.org)
Risk factor:
Critical !!! / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true
CVE : CVE-2002-0083
BID : 4241
Other references : OSVDB:730, CWE:189
Can I somehow update the version of SSH in Xampp ? I am running the Windows 2008 R2 Web Server with Xampp 1.7.3 installed.
thanks
Jakub