Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1380

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1380
Last Modified 05 Sep 2008 04:26:24
Published 18 Oct 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1380

Summary

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

Vulnerable Systems

Application

  • Openbsd Openssh 2.9.9


References

CERT-VN - VU#905795

REDHAT - RHSA-2001:114

BUGTRAQ - 20010926 OpenSSH Security Advisory (adv.option)

XF - openssh-access-control-bypass(7179)

BID - 3369

OSVDB - 642

MANDRAKE - MDKSA-2001:081

CIAC - M-010

IMMUNIX - IMNX-2001-70-034-01

CONECTIVA - CLSA-2001:431


Last Updated: 27 May 2016 10:36:38