Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0361

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2001-0361
Last Modified 10 Sep 2008 03:07:49
Published 27 Jun 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2001-0361

Summary

Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.

Vulnerable Systems

Application

  • Openbsd Openssh 1.2.3

  • Openbsd Openssh 2.1

  • Openbsd Openssh 2.1.1

  • Ssh 1.2.31


References

BID - 2344

XF - ssh-session-key-recovery(6082)

OSVDB - 2116

SUSE - SuSE-SA:2001:04

DEBIAN - DSA-086

DEBIAN - DSA-027

DEBIAN - DSA-023

CIAC - L-047

BUGTRAQ - 20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability

FREEBSD - FreeBSD-SA-01:24


Last Updated: 27 May 2016 10:36:14