The remote NewStart CGSL host, running version MAIN 6.02, has libssh packages installed that are affected by multiple vulnerabilities:

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG). The PRNG state is therefore shared between child processes, which allows local users to obtain sensitive information by leveraging a pid collision. (CVE-2014-0017)

A vulnerability was found in libssh's server-side state machine. A malicious client could create channels without first performing authentication, resulting in unauthorized access. (CVE-2018-10933)

A flaw was found in the libssh API function ssh_scp_new(). A user able to connect to a server using SCP could execute an arbitrary command via a user-provided path, leading to a compromise of the remote target. (CVE-2019-14889)

A flaw was found in libssh: a NULL pointer dereference occurs in tftpserver.c if ssh_buffer_new returns NULL. (CVE-2020-16135)

A flaw was found in the way libssh handled AES-CTR ciphers (or DES ciphers, if enabled). The server or client could crash when the connection has not been fully initialized and the system tries to clean up the ciphers while closing the connection. The biggest threat from this vulnerability is to system availability. (CVE-2020-1730)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported…
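The CVE-2014-0017 entry above describes a flaw class rather than a libssh-specific quirk: fork() copies the parent's memory, so a PRNG that is not reseeded in the child keeps producing the parent's stream. The following is an added Python illustration, not libssh's or OpenSSL's code; it uses a `random.Random` instance (Mersenne Twister, not a cryptographic generator) purely as a stand-in for the copied PRNG state, and the function names are this example's own.

```python
import os
import random
import struct


def _child_draw(prng, reseed):
    """Fork, draw one 64-bit value from prng in the child, and return it to the parent.

    The child's state is a copy of the parent's at the moment of fork, which is
    exactly the situation CVE-2014-0017 describes when no reseeding happens.
    """
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child
        os.close(read_fd)
        if reseed:
            # Mix in fresh kernel entropy. Mixing in only the PID (as older
            # OpenSSL did) is weaker: PIDs are reused, so two children can end
            # up with identical state, the "pid collision" in the advisory.
            prng.seed(os.urandom(32))
        os.write(write_fd, struct.pack(">Q", prng.getrandbits(64)))
        os._exit(0)
    os.close(write_fd)
    data = os.read(read_fd, 8)
    os.close(read_fd)
    os.waitpid(pid, 0)
    return struct.unpack(">Q", data)[0]


def shared_state_after_fork(seed):
    """Vulnerable pattern: no reseed, so parent and child draw the same value."""
    prng = random.Random(seed)  # constructed, deterministic seed for the demo
    child_value = _child_draw(prng, reseed=False)
    parent_value = prng.getrandbits(64)
    return parent_value, child_value


def reseeded_after_fork(seed):
    """Mitigated pattern: the child reseeds, so its stream diverges from the parent's."""
    prng = random.Random(seed)
    child_value = _child_draw(prng, reseed=True)
    parent_value = prng.getrandbits(64)
    return parent_value, child_value


if __name__ == "__main__":
    print("no reseed  (parent, child):", shared_state_after_fork(1234))
    print("reseeded   (parent, child):", reseeded_after_fork(1234))
```

The first call returns an identical pair, the second a differing pair; the same check, applied to whatever PRNG a forking service actually uses, is a cheap regression test for this class of bug.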
