Vulnerability Name:

CVE-2001-0144 (CCN-6083)

Assigned:2001-02-08
Published:2001-02-08
Updated:2018-05-03
Summary:CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: OSSH FTP site
FTP directory /pub/krypto/ossh/ at ftp.pdc.kth.se

Source: CCN
Type: BugTraq Mailing List, Wed Feb 21 2001 - 00:38:15 CST
SSH CRC-32 Compensation Attack Detector Vulnerability Exploit

Source: CCN
Type: BugTraq Mailing List, Thu Nov 22 2001 - 02:22:51 CST
Secure Computing SafeWord uses vulnerable ssh server

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-01:24
ssh

Source: CCN
Type: NetBSD Security Advisory 2001-003
Secure Shell vulnerabilities and key generation

Source: MITRE
Type: CNA
CVE-2001-0144

Source: BUGTRAQ
Type: UNKNOWN
20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector

Source: BINDVIEW
Type: Patch, Vendor Advisory
20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector

Source: CCN
Type: BindView RAZOR Security Advisory, February 8, 2001
Remote vulnerability in SSH daemon crc32 compensation attack detector

Source: CERT
Type: US Government Resource
CA-2001-35

Source: CCN
Type: CIAC Information Bulletin L-047
OpenSSH SSH1 Coding Error and Server Key Vulnerability

Source: CCN
Type: CIAC Information Bulletin M-017
Multiple SSH Version 1 Vulnerabilities

Source: CCN
Type: Cisco Systems Inc. Security Advisory, 2001 June 27 08:00 (UTC -0800)
Multiple SSH Vulnerabilities

Source: CCN
Type: CORE SDI S.A. Security Advisory CORE-20010207
SSH1 CRC-32 compensation attack detector vulnerability

Source: CCN
Type: Internet Security Systems Security Alert #100
Widespread Exploitation of SSH CRC32 Compensation Attack

Source: CCN
Type: US-CERT VU#945216
SSH CRC32 attack detection code contains remote integer overflow

Source: CCN
Type: OpenSSH Web site
OpenSSH information

Source: OSVDB
Type: UNKNOWN
503

Source: OSVDB
Type: UNKNOWN
795

Source: CCN
Type: OSVDB ID: 45873
Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS

Source: CCN
Type: OSVDB ID: 795
Multiple Vendor SSH CRC-32 detect_attack() Function Overflow

Source: BID
Type: Exploit, Patch, Vendor Advisory
2347

Source: CCN
Type: BID-2347
SSH CRC-32 Compensation Attack Detector Vulnerability

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2001:004
ssh

Source: XF
Type: UNKNOWN
ssh-deattack-overwrite-memory(6083)

Source: XF
Type: UNKNOWN
ssh-deattack-overwrite-memory(6083)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ssh:ssh:1.2.24:*:*:*:*:*:*:*
  • OR cpe:/a:ssh:ssh:1.2.25:*:*:*:*:*:*:*
  • OR cpe:/a:ssh:ssh:1.2.26:*:*:*:*:*:*:*
  • OR cpe:/a:ssh:ssh:1.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:ssh:ssh:1.2.28:*:*:*:*:*:*:*
  • OR cpe:/a:ssh:ssh:1.2.29:*:*:*:*:*:*:*
  • OR cpe:/a:ssh:ssh:1.2.30:*:*:*:*:*:*:*
  • OR cpe:/a:ssh:ssh:1.2.31:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ssh:ssh:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5397
    V
    Multiple Vendor SSH Buffer Overflow Vulnerability
    2008-09-08
    BACK
    openbsd openssh 1.2.2
    openbsd openssh 1.2.3
    openbsd openssh 2.1
    openbsd openssh 2.1.1
    openbsd openssh 2.2
    ssh ssh 1.2.24
    ssh ssh 1.2.25
    ssh ssh 1.2.26
    ssh ssh 1.2.27
    ssh ssh 1.2.28
    ssh ssh 1.2.29
    ssh ssh 1.2.30
    ssh ssh 1.2.31
    ssh ssh *