Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2001-0572
Last Modified 05 Sep 2008 04:24:26
Published 22 Aug 2001 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0572

Summary

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.

Vulnerable Systems

Application

  • Openbsd Openssh 4.5

  • Ssh 1.2.24

  • Ssh 1.2.25

  • Ssh 1.2.26

  • Ssh 1.2.27

  • Ssh 1.2.28

  • Ssh 1.2.29

  • Ssh 1.2.30

  • Ssh 1.2.31


References

CERT-VN - VU#596827

REDHAT - RHSA-2001:033

MANDRAKE - MDKSA-2001:033

BUGTRAQ - 20010318 Passive Analysis of SSH (Secure Shell) Traffic

CONECTIVA - CLA-2001:391


Last Updated: 27 May 2016 10:36:18