Vulnerability Name: CVE-2001-0572 (CCN-6783)
Assigned: 2001-03-19
Published: 2001-03-19
Updated: 2008-09-05
Summary: The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
  Source: BUGTRAQ Type: Exploit, Patch, Vendor Advisory 20010318 Passive Analysis of SSH (Secure Shell) Traffic
  Source: CCN Type: BugTraq Mailing List, Sun Mar 18 2001 - 22:28:43 CST Passive Analysis of SSH (Secure Shell) Traffic
  Source: MITRE Type: CNA CVE-2001-0572
  Source: CONECTIVA Type: Vendor Advisory CLA-2001:391
  Source: CCN Type: Conectiva Linux Announcement CLSA-2001:391 openssh
  Source: CCN Type: Trustix Secure Linux Security Advisory #2001-0002 OpenSSH
  Source: CCN Type: RHSA-2001-033 Updated openssh packages available
  Source: CCN Type: PuTTY Web site PuTTY: A Free Win32 Telnet/SSH Client
  Source: CCN Type: Cisco Systems Inc. Security Advisory, 2001 June 27 08:00 (UTC -0800) Multiple SSH Vulnerabilities
  Source: CCN Type: US-CERT VU#596827 Weaknesses in the SSH protocol simplify brute-force attacks against passwords typed in an existing SSH session
  Source: CERT-VN Type: US Government Resource VU#596827
  Source: MANDRAKE Type: Patch, Vendor Advisory MDKSA-2001:033
  Source: CCN Type: OpenBSD Web site FTP, HTTP, AFS and RSYNC mirrors
  Source: CCN Type: OSVDB ID: 3561 Cisco Devices SSH Password Length Disclosure
  Source: CCN Type: OSVDB ID: 3562 SSH Traffic Analysis Connection Attributes Disclosure
  Source: CCN Type: Progeny Linux Systems Security Advisory PROGENY-SA-2001-04 OpenSSH subject to traffic analysis
  Source: REDHAT Type: Patch, Vendor Advisory RHSA-2001:033
  Source: CCN Type: BID-49473 OpenSSH Ciphersuite Specification Information Disclosure Weakness
  Source: XF Type: UNKNOWN ssh-plaintext-length-field(6783)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable