Vulnerability Name:

CVE-2001-0361 (CCN-6082)

Assigned:2001-02-07
Published:2001-02-07
Updated:2018-05-03
Summary:Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-310
Vulnerability Consequences:Obtain Information
References:Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-01:24

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-01:24
ssh

Source: CCN
Type: NetBSD Security Advisory 2001-003
Secure Shell vulnerabilities and key generation

Source: MITRE
Type: CNA
CVE-2001-0361

Source: BUGTRAQ
Type: UNKNOWN
20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability

Source: CCN
Type: CIAC Information Bulletin L-047
OpenSSH SSH1 Coding Error and Server Key Vulnerability

Source: CIAC
Type: UNKNOWN
L-047

Source: CCN
Type: CIAC Information Bulletin M-017
Multiple SSH Version 1 Vulnerabilities

Source: CCN
Type: Cisco Systems Inc. Security Advisory, 2001 June 27 08:00 (UTC -0800)
Multiple SSH Vulnerabilities

Source: CCN
Type: CORE SDI S.A. Security Advisory CORE-20010116
SSH protocol 1.5 session key recovery vulnerability

Source: DEBIAN
Type: UNKNOWN
DSA-023

Source: DEBIAN
Type: UNKNOWN
DSA-027

Source: DEBIAN
Type: UNKNOWN
DSA-086

Source: DEBIAN
Type: DSA-023
inn2 -- local tempfile vulnerabilities

Source: DEBIAN
Type: DSA-027
OpenSSH -- remote exploit

Source: DEBIAN
Type: DSA-086
ssh-nonfree -- remote root exploit

Source: CCN
Type: US-CERT VU#161576
Certain implementations of SSH1 may reveal internal cryptologic state

Source: SUSE
Type: UNKNOWN
SuSE-SA:2001:04

Source: OSVDB
Type: UNKNOWN
2116

Source: CCN
Type: OSVDB ID: 2116
PKCS 1 Version 1.5 Session Key Retrieval (Bleichenbacher Attack)

Source: BID
Type: Patch, Vendor Advisory
2344

Source: CCN
Type: BID-2344
PKCS #1 Version 1.5 Session Key Retrieval Vulnerability

Source: CCN
Type: SSH Secure Shell Download Page
Download

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2001:004
ssh

Source: XF
Type: UNKNOWN
ssh-session-key-recovery(6082)

Source: XF
Type: UNKNOWN
ssh-session-key-recovery(6082)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:ssh:ssh:*:*:*:*:*:*:*:* (Version <= 1.2.31)

    • Configuration CCN 1:
  • cpe:/a:ssh:ssh:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5729
    V
    		Multiple Vendor SSH 1.5 Session Key Recovery Vulnerability
    2008-09-08
    oval:org.debian:def:86
    V
    		remote root exploit
    2001-11-13
    BACK
    openbsd openssh 1.2.3
    openbsd openssh 2.1
    openbsd openssh 2.1.1
    ssh ssh *
    ssh ssh *
    debian debian linux 2.2