Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2004-2760
Last Modified 29 Jan 2009 12:37:57
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2760

Summary

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.

Vulnerable Systems

Application

  • OpenBSD OpenSSH 3.5

  • OpenBSD OpenSSH 3.5p1


References

BUGTRAQ - 20040413 Re: Fwd: [BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)]

SREASON - 4100

BUGTRAQ - 20040412 BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)


Last Updated: 27 May 2016 10:39:37