Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1474

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2001-1474
Last Modified 05 Sep 2008 04:26:39
Published 18 Jan 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1474

Summary

SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache.

Vulnerable Systems

Application

  • Ssh 1.2.24

  • Ssh 1.2.25

  • Ssh 1.2.26

  • Ssh 1.2.27

  • Ssh 1.2.28

  • Ssh 1.2.29

  • Ssh 1.2.30

  • Ssh 1.2.31


References

CERT-VN - VU#786900

XF - ssh-dns-authentication-bypass(6604)


Last Updated: 27 May 2016 10:36:41