Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0259

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2001-0259
Last Modified 05 Sep 2008 04:23:40
Published 02 Jun 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0259

Summary

ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.

Vulnerable Systems

Application

  • Ssh 1.2.27

  • Ssh 1.2.28

  • Ssh 1.2.29

  • Ssh 1.2.30


References

XF - ssh-rpc-private-key

BID - 2222

BUGTRAQ - 20010116 Bug in SSH1 secure-RPC support can expose users' private keys

CONFIRM - http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html


Last Updated: 27 May 2016 10:36:12