| Revision Date: | 2013-04-29 | Version: | 11 | | Title: | SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | | Description: | SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | | Family: | unix | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2005-2666
| | Platform(s): | CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 4
| Product(s): | | | Definition Synopsis | | RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4
OR CentOS Linux 4.x
OR Oracle Linux 4.x
AND Configuration section
openssh is earlier than 0:3.9p1-8.RHEL4.20
OR openssh-askpass is earlier than 0:3.9p1-8.RHEL4.20
OR openssh-server is earlier than 0:3.9p1-8.RHEL4.20
OR openssh-clients is earlier than 0:3.9p1-8.RHEL4.20
OR openssh-askpass-gnome is earlier than 0:3.9p1-8.RHEL4.20
|
|