From f0f453c916e279980df981c1e1dee0d167dc124e Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 19:07:52 +0200 Subject: Adding upstream version 3.1.0. Signed-off-by: Daniel Baumann --- .../expected_results/openssh_4.0p1_test1.json | 525 +++++++++++++++++++++ 1 file changed, 525 insertions(+) create mode 100644 test/docker/expected_results/openssh_4.0p1_test1.json (limited to 'test/docker/expected_results/openssh_4.0p1_test1.json') diff --git a/test/docker/expected_results/openssh_4.0p1_test1.json b/test/docker/expected_results/openssh_4.0p1_test1.json new file mode 100644 index 0000000..f5735a9 --- /dev/null +++ b/test/docker/expected_results/openssh_4.0p1_test1.json @@ -0,0 +1,525 @@ +{ + "additional_notes": [ + "" + ], + "banner": { + "comments": null, + "protocol": "1.99", + "raw": "SSH-1.99-OpenSSH_4.0", + "software": "OpenSSH_4.0" + }, + "compression": [ + "none", + "zlib" + ], + "cves": [ + { + "cvssv2": 7.8, + "description": "command injection via anomalous argument transfers", + "name": "CVE-2020-15778" + }, + { + "cvssv2": 5.3, + "description": "enumerate usernames due to timing discrepancies", + "name": "CVE-2018-15473" + }, + { + "cvssv2": 5.3, + "description": "readonly bypass via sftp", + "name": "CVE-2017-15906" + }, + { + "cvssv2": 5.3, + "description": "enumerate usernames via challenge response", + "name": "CVE-2016-20012" + }, + { + "cvssv2": 5.5, + "description": "bypass command restrictions via crafted X11 forwarding data", + "name": "CVE-2016-3115" + }, + { + "cvssv2": 7.5, + "description": "cause DoS via triggering error condition (memory corruption)", + "name": "CVE-2014-1692" + }, + { + "cvssv2": 3.5, + "description": "leak data via debug messages", + "name": "CVE-2012-0814" + }, + { + "cvssv2": 3.5, + "description": "cause DoS via large value in certain length field (memory consumption)", + "name": "CVE-2011-5000" + }, + { + "cvssv2": 5.0, + "description": "cause DoS via large number of connections (slot exhaustion)", + "name": "CVE-2010-5107" + }, + { + "cvssv2": 4.0, + "description": "cause DoS via crafted glob expression (CPU and memory consumption)", + "name": "CVE-2010-4755" + }, + { + "cvssv2": 7.5, + "description": "bypass authentication check via crafted values", + "name": "CVE-2010-4478" + }, + { + "cvssv2": 2.6, + "description": "recover plaintext data from ciphertext", + "name": "CVE-2008-5161" + }, + { + "cvssv2": 5.0, + "description": "cause DoS via multiple login attempts (slot exhaustion)", + "name": "CVE-2008-4109" + }, + { + "cvssv2": 6.5, + "description": "bypass command restrictions via modifying session file", + "name": "CVE-2008-1657" + }, + { + "cvssv2": 6.9, + "description": "hijack forwarded X11 connections", + "name": "CVE-2008-1483" + }, + { + "cvssv2": 7.5, + "description": "privilege escalation via causing an X client to be trusted", + "name": "CVE-2007-4752" + }, + { + "cvssv2": 5.0, + "description": "discover valid usernames through different responses", + "name": "CVE-2007-2243" + }, + { + "cvssv2": 5.0, + "description": "discover valid usernames through different responses", + "name": "CVE-2006-5052" + }, + { + "cvssv2": 9.3, + "description": "cause DoS or execute arbitrary code (double free)", + "name": "CVE-2006-5051" + }, + { + "cvssv2": 7.8, + "description": "cause DoS via crafted packet (CPU consumption)", + "name": "CVE-2006-4924" + }, + { + "cvssv2": 4.6, + "description": "execute arbitrary code", + "name": "CVE-2006-0225" + }, + { + "cvssv2": 5.0, + "description": "leak data about authentication credentials", + "name": "CVE-2005-2798" + } + ], + "enc": [ + { + "algorithm": "aes128-cbc", + "notes": { + "info": [ + "available since OpenSSH 2.3.0, Dropbear SSH 0.28" + ], + "warn": [ + "using weak cipher mode" + ] + } + }, + { + "algorithm": "3des-cbc", + "notes": { + "fail": [ + "using broken & deprecated 3DES cipher" + ], + "info": [ + "available since OpenSSH 1.2.2, Dropbear SSH 0.28" + ], + "warn": [ + "using weak cipher mode", + "using small 64-bit block size" + ] + } + }, + { + "algorithm": "blowfish-cbc", + "notes": { + "fail": [ + "using weak & deprecated Blowfish cipher" + ], + "info": [ + "available since OpenSSH 1.2.2, Dropbear SSH 0.28" + ], + "warn": [ + "using weak cipher mode", + "using small 64-bit block size" + ] + } + }, + { + "algorithm": "cast128-cbc", + "notes": { + "fail": [ + "using weak & deprecated CAST cipher" + ], + "info": [ + "available since OpenSSH 2.1.0" + ], + "warn": [ + "using weak cipher mode", + "using small 64-bit block size" + ] + } + }, + { + "algorithm": "arcfour", + "notes": { + "fail": [ + "using broken RC4 cipher" + ], + "info": [ + "available since OpenSSH 2.1.0" + ] + } + }, + { + "algorithm": "aes192-cbc", + "notes": { + "info": [ + "available since OpenSSH 2.3.0" + ], + "warn": [ + "using weak cipher mode" + ] + } + }, + { + "algorithm": "aes256-cbc", + "notes": { + "info": [ + "available since OpenSSH 2.3.0, Dropbear SSH 0.47" + ], + "warn": [ + "using weak cipher mode" + ] + } + }, + { + "algorithm": "rijndael-cbc@lysator.liu.se", + "notes": { + "fail": [ + "using deprecated & non-standardized Rijndael cipher" + ], + "info": [ + "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", + "available since OpenSSH 2.3.0" + ], + "warn": [ + "using weak cipher mode" + ] + } + }, + { + "algorithm": "aes128-ctr", + "notes": { + "info": [ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm": "aes192-ctr", + "notes": { + "info": [ + "available since OpenSSH 3.7" + ] + } + }, + { + "algorithm": "aes256-ctr", + "notes": { + "info": [ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + } + ], + "fingerprints": [ + { + "hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", + "hash_alg": "SHA256", + "hostkey": "ssh-rsa" + }, + { + "hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", + "hash_alg": "MD5", + "hostkey": "ssh-rsa" + } + ], + "kex": [ + { + "algorithm": "diffie-hellman-group-exchange-sha1", + "keysize": 1024, + "notes": { + "fail": [ + "using small 1024-bit modulus" + ], + "info": [ + "available since OpenSSH 2.3.0" + ] + } + }, + { + "algorithm": "diffie-hellman-group14-sha1", + "notes": { + "fail": [ + "using broken SHA-1 hash algorithm" + ], + "info": [ + "available since OpenSSH 3.9, Dropbear SSH 0.53" + ], + "warn": [ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + }, + { + "algorithm": "diffie-hellman-group1-sha1", + "notes": { + "fail": [ + "using small 1024-bit modulus", + "vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)", + "using broken SHA-1 hash algorithm" + ], + "info": [ + "removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9", + "available since OpenSSH 2.3.0, Dropbear SSH 0.28" + ] + } + } + ], + "key": [ + { + "algorithm": "ssh-rsa", + "keysize": 1024, + "notes": { + "fail": [ + "using broken SHA-1 hash algorithm", + "using small 1024-bit modulus" + ], + "info": [ + "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", + "available since OpenSSH 2.5.0, Dropbear SSH 0.28" + ] + } + }, + { + "algorithm": "ssh-dss", + "notes": { + "fail": [ + "using small 1024-bit modulus" + ], + "info": [ + "disabled in OpenSSH 7.0: https://www.openssh.com/txt/release-7.0", + "available since OpenSSH 2.1.0, Dropbear SSH 0.28" + ], + "warn": [ + "using weak random number generator could reveal the key" + ] + } + } + ], + "mac": [ + { + "algorithm": "hmac-md5", + "notes": { + "fail": [ + "using broken MD5 hash algorithm" + ], + "info": [ + "available since OpenSSH 2.1.0, Dropbear SSH 0.28" + ], + "warn": [ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm": "hmac-sha1", + "notes": { + "fail": [ + "using broken SHA-1 hash algorithm" + ], + "info": [ + "available since OpenSSH 2.1.0, Dropbear SSH 0.28" + ], + "warn": [ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm": "hmac-ripemd160", + "notes": { + "fail": [ + "using deprecated RIPEMD hash algorithm" + ], + "info": [ + "available since OpenSSH 2.5.0" + ], + "warn": [ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm": "hmac-ripemd160@openssh.com", + "notes": { + "fail": [ + "using deprecated RIPEMD hash algorithm" + ], + "info": [ + "available since OpenSSH 2.1.0" + ], + "warn": [ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm": "hmac-sha1-96", + "notes": { + "fail": [ + "using broken SHA-1 hash algorithm" + ], + "info": [ + "available since OpenSSH 2.5.0, Dropbear SSH 0.47" + ], + "warn": [ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm": "hmac-md5-96", + "notes": { + "fail": [ + "using broken MD5 hash algorithm" + ], + "info": [ + "available since OpenSSH 2.5.0" + ], + "warn": [ + "using encrypt-and-MAC mode" + ] + } + } + ], + "recommendations": { + "critical": { + "del": { + "enc": [ + { + "name": "3des-cbc", + "notes": "" + }, + { + "name": "arcfour", + "notes": "" + }, + { + "name": "blowfish-cbc", + "notes": "" + }, + { + "name": "cast128-cbc", + "notes": "" + }, + { + "name": "rijndael-cbc@lysator.liu.se", + "notes": "" + } + ], + "kex": [ + { + "name": "diffie-hellman-group14-sha1", + "notes": "" + }, + { + "name": "diffie-hellman-group1-sha1", + "notes": "" + }, + { + "name": "diffie-hellman-group-exchange-sha1", + "notes": "" + } + ], + "key": [ + { + "name": "ssh-dss", + "notes": "" + }, + { + "name": "ssh-rsa", + "notes": "" + } + ], + "mac": [ + { + "name": "hmac-md5", + "notes": "" + }, + { + "name": "hmac-md5-96", + "notes": "" + }, + { + "name": "hmac-ripemd160", + "notes": "" + }, + { + "name": "hmac-ripemd160@openssh.com", + "notes": "" + }, + { + "name": "hmac-sha1", + "notes": "" + }, + { + "name": "hmac-sha1-96", + "notes": "" + } + ] + } + }, + "warning": { + "del": { + "enc": [ + { + "name": "aes128-cbc", + "notes": "" + }, + { + "name": "aes192-cbc", + "notes": "" + }, + { + "name": "aes256-cbc", + "notes": "" + } + ] + } + } + }, + "target": "localhost:2222" +} -- cgit v1.2.3