Obsolete sshd 1.2.17 running

Risk Level: Medium

Check or Attack Name: Sshd1217

Platforms: Any

Description:

Internet Scanner detected an obsolete version of sshd, the secure shell remote login daemon. Sshd allows another computer to log in over a network, to execute commands from a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels.

All versions of sshd earlier than 1.2.17 have multiple vulnerabilities. Versions prior to 1.2.17 had problems with authentication agent handling on some machines: a malicious user might be able to exploit a race condition to steal another user's credentials. This issue is reported to be resolved in 1.2.17.

Remedy:

Upgrade sshd to version 1.2.17 or higher, available at http://www.cs.hut.fi/ssh.
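One way to triage collected SSH identification strings against the 1.2.17 threshold above. This is an added example, not Internet Scanner's own check logic. It assumes the daemon announces itself as `SSH-protoversion-softwareversion` and that the original ssh 1.x distribution puts a bare dotted number in the software field; the function names and sample banners are constructed for illustration.

```python
import re

FIXED = (1, 2, 17)  # first release the advisory reports as fixed

# Identification string: SSH-<protoversion>-<softwareversion>[ comments]
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")
# Assumption: the original ssh 1.x distribution reports a bare dotted
# number (e.g. "1.2.16"); other implementations prefix a product name.
PLAIN_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Return 'obsolete', 'ok', 'other-implementation' or 'unparseable'."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "unparseable"
    v = PLAIN_VERSION_RE.match(m.group(2))
    if not v:
        # Different product and version numbering: this threshold
        # says nothing about it, so do not flag or clear it here.
        return "other-implementation"
    version = tuple(int(part) for part in v.groups())
    # Integer tuples avoid the string-compare trap "1.2.9" > "1.2.17".
    return "obsolete" if version < FIXED else "ok"


def audit(banners):
    """Map each banner to its verdict."""
    return {b: classify(b) for b in banners}


# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "SSH-1.5-1.2.16",
    "SSH-1.5-1.2.17",
    "SSH-1.5-1.2.9",
    "SSH-1.99-OpenSSH_2.9p2",
    "HTTP/1.1 400 Bad Request",
]

if __name__ == "__main__":
    for banner, verdict in audit(SAMPLES).items():
        print(f"{verdict:22} {banner}")
```

A banner only reports what the daemon claims about itself, so confirm the installed version on the host before closing the finding.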

References:

Thomas König's Web Site, The Ssh (Secure Shell) FAQ - Frequently asked questions, http://www.uni-karlsruhe.de/~ig25/ssh-faq/

Most UNIXes Bug List Page, ssh, http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
