Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1120

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2003-1120
Last Modified 13 Sep 2013 12:31:15
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2003-1120

Summary

Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.

Vulnerable Systems

Application

  • Ssh Tectia Server 4.0.3

  • Ssh Tectia Server 4.0.4


References

CERT-VN - VU#814198

CONFIRM - http://www.ssh.com/company/newsroom/article/520/

BID - 9956

XF - sshtectiaserver-passwdplugin-race-condition(15585)

OSVDB - 4491

SECTRACK - 1009532

SECUNIA - 11193


Last Updated: 27 May 2016 10:38:14