How to respond to Nessus reported OpenSSH Vulnerabilities against the RSA Authentication Manager 8.4 or later
Originally Published: 2020-10-05
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0 or later
Platform: Linux
Platform (Other): Suse Linux Enterprise Server
O/S Version: SLES 12 Service Pack 3 or later
Product Name: RSA SecurID
Issue
For example, Nessus vulnerability IDs 90023, 93194, 96151, 99359 and 103781 are reported against the latest version of RSA Authentication Manager, 8.4 P13 or 8.5.
This KB explains how to identify the exact OpenSSH package details and shows that RSA Authentication Manager is NOT EXPLOITABLE.
Resolution
For Nessus ID 93194, for example, the Tenable site lists the following reference information: CVE-2015-8325, CVE-2016-6515, CVE-2016-6210
https://www.tenable.com/plugins/nessus/93194
For Nessus ID 96151, the reference information is: CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012
https://www.tenable.com/plugins/nessus/96151
For Nessus ID 99359, there is no CVE:
https://www.tenable.com/plugins/nessus/99359
For Nessus ID 103781, the reference information is: CVE-2017-15906
https://www.tenable.com/plugins/nessus/103781
1. Find the RSA Authentication Manager version and SUSE Linux Enterprise Server version as below:
rsaadmin@ehud:~> cat /etc/issue
RSA Authentication Manager 8.5.0.0.0-build1415100
rsaadmin@ehud:~> cat /etc/os-release
NAME="SLES"
VERSION="12-SP3"
VERSION_ID="12.3"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp3"
2. Find the openssh package version as below:
rsaadmin@ehud:~> sudo su -
[sudo] password for rsaadmin:
ehud:~ # zypper search -si ssh
Loading repository data...
Warning: No repositories defined. Operating only with the installed resolvables. Nothing can be installed.
Reading installed packages...
S  | Name      | Type    | Version       | Arch   | Repository
---+-----------+---------+---------------+--------+------------------
i  | libssh2-1 | package | 1.4.3-20.14.1 | x86_64 | (System Packages)
i+ | openssh   | package | 7.2p2-74.54.1 | x86_64 | (System Packages)
3. Take Nessus vulnerability ID 103781 from the examples above. The Tenable site lists CVE-2017-15906 as its reference.
Look up the corresponding CVE on the SUSE Linux site:
https://www.suse.com/security/cve/CVE-2017-15906/
It lists the following fix for SUSE Linux Enterprise Server 12 SP3:
openssh >= 7.2p2-74.11.1
openssh-askpass-gnome >= 7.2p2-74.11.3
openssh-fips >= 7.2p2-74.11.1
openssh-helpers >= 7.2p2-74.11.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-2017-2009
As the zypper output in step 2 shows, AM 8.4 P13 and AM 8.5 ship a later openssh package (7.2p2-74.54.1) than the fixed version 7.2p2-74.11.1 for SLES 12 SP3.
Thus the reported vulnerability is Not Exploitable.
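The comparison in step 3 has to be made on the full SUSE package label, not on the "OpenSSH_7.2" banner Nessus sees, because SUSE backports the fix and only bumps the release part. The following is an added example (not RSA's or SUSE's code) that parses the zypper row from step 2, compares the label against the SUSE minimum for CVE-2017-15906 using rpm's segment-wise version ordering, and reports whether the installed package already carries the fix; the zypper row and the minimum version are taken from the article above, and the CVE-to-version table is a hand-constructed dict.

```python
import re

# Constructed from the article: the openssh row of "zypper search -si ssh" on
# AM 8.5, and SUSE's minimum fixed openssh for SLES 12 SP3 (CVE-2017-15906).
ZYPPER_ROW = "i+ | openssh | package | 7.2p2-74.54.1 | x86_64 | (System Packages)"
FIXED_IN = {"CVE-2017-15906": "7.2p2-74.11.1"}

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Order two RPM version (or release) strings as rpm does: split into
    numeric and alphabetic segments, compare numerics as integers (so 54 > 11,
    and 9 < 11 although a plain string compare says otherwise), alphas
    lexically, a numeric segment beats an alphabetic one, and the string with
    segments left over is newer. Tilde/caret rules are omitted (not used in
    SLES 12 labels). Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def label_cmp(a: str, b: str) -> int:
    """Compare 'version-release' labels: upstream version first, then the
    distribution release (the part after the last '-')."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def installed_label(zypper_row: str) -> tuple:
    """Return (package name, version-release) from one zypper table row."""
    cols = [c.strip() for c in zypper_row.split("|")]
    return cols[1], cols[3]


def assess(zypper_row: str, fixed_in: dict) -> dict:
    """For each CVE, True if the installed label is >= SUSE's fixed label."""
    _, have = installed_label(zypper_row)
    return {cve: label_cmp(have, need) >= 0 for cve, need in fixed_in.items()}


if __name__ == "__main__":
    print(assess(ZYPPER_ROW, FIXED_IN))  # {'CVE-2017-15906': True}
```

Run the same check against any other SUSE advisory by adding its CVE and minimum version to the dict; a False entry means the installed package predates the fix and the Nessus finding stands.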