Vulnerability Name: | CVE-2001-0144 (CCN-6083) | ||||||||
Assigned: | 2001-02-08 | ||||||||
Published: | 2001-02-08 | ||||||||
Updated: | 2018-05-03 | ||||||||
Summary: | CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: OSSH FTP site FTP directory /pub/krypto/ossh/ at ftp.pdc.kth.se Source: CCN Type: BugTraq Mailing List, Wed Feb 21 2001 - 00:38:15 CST SSH CRC-32 Compensation Attack Detector Vulnerability Exploit Source: CCN Type: BugTraq Mailing List, Thu Nov 22 2001 - 02:22:51 CST Secure Computing SafeWord uses vulnerable ssh server Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-01:24 ssh Source: CCN Type: NetBSD Security Advisory 2001-003 Secure Shell vulnerabilities and key generation Source: MITRE Type: CNA CVE-2001-0144 Source: BUGTRAQ Type: UNKNOWN 20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector Source: BINDVIEW Type: Patch, Vendor Advisory 20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector Source: CCN Type: BindView RAZOR Security Advisory, February 8, 2001 Remote vulnerability in SSH daemon crc32 compensation attack detector Source: CERT Type: US Government Resource CA-2001-35 Source: CCN Type: CIAC Information Bulletin L-047 OpenSSH SSH1 Coding Error and Server Key Vulnerability Source: CCN Type: CIAC Information Bulletin M-017 Multiple SSH Version 1 Vulnerabilities Source: CCN Type: Cisco Systems Inc. Security Advisory, 2001 June 27 08:00 (UTC -0800) Multiple SSH Vulnerabilities Source: CCN Type: CORE SDI S.A. Security Advisory CORE-20010207 SSH1 CRC-32 compensation attack detector vulnerability Source: CCN Type: Internet Security Systems Security Alert #100 Widespread Exploitation of SSH CRC32 Compensation Attack Source: CCN Type: US-CERT VU#945216 SSH CRC32 attack detection code contains remote integer overflow Source: CCN Type: OpenSSH Web site OpenSSH information Source: OSVDB Type: UNKNOWN 503 Source: OSVDB Type: UNKNOWN 795 Source: CCN Type: OSVDB ID: 45873 Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS Source: CCN Type: OSVDB ID: 795 Multiple Vendor SSH CRC-32 detect_attack() Function Overflow Source: BID Type: Exploit, Patch, Vendor Advisory 2347 Source: CCN Type: BID-2347 SSH CRC-32 Compensation Attack Detector Vulnerability Source: CCN Type: SuSE Security Announcement SuSE-SA:2001:004 ssh Source: XF Type: UNKNOWN ssh-deattack-overwrite-memory(6083) Source: XF Type: UNKNOWN ssh-deattack-overwrite-memory(6083) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |