Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0144

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-0144
Last Modified 05 Sep 2008 04:23:23
Published 12 Mar 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0144

Summary

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

Vulnerable Systems

Application

  • Openbsd Openssh 1.2.2

  • Openbsd Openssh 1.2.3

  • Openbsd Openssh 2.1

  • Openbsd Openssh 2.1.1

  • Openbsd Openssh 2.2

  • Ssh 1.2.24

  • Ssh 1.2.25

  • Ssh 1.2.26

  • Ssh 1.2.27

  • Ssh 1.2.28

  • Ssh 1.2.29

  • Ssh 1.2.30

  • Ssh 1.2.31


References

CERT - CA-2001-35

BID - 2347

BINDVIEW - 20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector

BUGTRAQ - 20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector

XF - ssh-deattack-overwrite-memory(6083)

OSVDB - 795

OSVDB - 503


Last Updated: 27 May 2016 10:36:09