Oval Definition:oval:org.mitre.oval:def:445
Revision Date:2010-09-20Version:22
Title:OpenSSH Indirect User Disclosure Vulnerability
Description:OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2003-0190
Platform(s):Red Hat Linux 9
Product(s):OpenSSH
Definition Synopsis
  • Software section
  • Red Hat 9 is installed
  • AND ix86 architecture
  • AND openssh-server version is less than 3.5p1-6.9
  • AND Configuration section
  • sshd listens on the network
    • BACK