Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2666

Overview

Vulnerability Score 1.2 1.2
CVE Id CVE-2005-2666
Last Modified 21 Aug 2010 12:31:52
Published 23 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2005-2666

Summary

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

Vulnerable Systems

Application

  • Openbsd Openssh 3.0

  • Openbsd Openssh 3.0.1

  • Openbsd Openssh 3.0.1p1

  • Openbsd Openssh 3.0.2

  • Openbsd Openssh 3.0.2p1

  • Openbsd Openssh 3.0p1

  • Openbsd Openssh 3.1

  • Openbsd Openssh 3.1p1

  • Openbsd Openssh 3.2

  • Openbsd Openssh 3.2.2p1

  • Openbsd Openssh 3.2.3p1

  • Openbsd Openssh 3.3

  • Openbsd Openssh 3.3p1

  • Openbsd Openssh 3.4

  • Openbsd Openssh 3.4p1

  • Openbsd Openssh 3.5

  • Openbsd Openssh 3.5p1

  • Openbsd Openssh 3.6

  • Openbsd Openssh 3.6.1

  • Openbsd Openssh 3.6.1p1

  • Openbsd Openssh 3.6.1p2

  • Openbsd Openssh 3.7

  • Openbsd Openssh 3.7.1

  • Openbsd Openssh 3.7.1p2

  • Openbsd Openssh 3.8

  • Openbsd Openssh 3.8.1

  • Openbsd Openssh 3.8.1p1

  • Openbsd Openssh 3.9

  • Openbsd Openssh 3.9.1

  • Openbsd Openssh 3.9.1p1


References

MISC - http://nms.csail.mit.edu/projects/ssh/

REDHAT - RHSA-2007:0257

MISC - http://www.eweek.com/article2/0,1759,1815795,00.asp

SECUNIA - 25098

SECUNIA - 19243

SCO - SCOSA-2006.11


Last Updated: 27 May 2016 10:40:36