Vulnerability Name:

CVE-2001-1507 (CCN-7598)

Assigned:2001-11-19
Published:2001-11-19
Updated:2008-09-10
Summary:OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Mon Nov 19 2001 - 11:23:53 CST
OpenSSH 3.0.1 (fwd)

Source: MITRE
Type: CNA
CVE-2001-1507

Source: BUGTRAQ
Type: Patch, Vendor Advisory
20011119 OpenSSH 3.0.1 (fwd)

Source: XF
Type: Patch
openssh-kerberos-elevate-privileges(7598)

Source: CONFIRM
Type: Patch
http://www.openbsd.org/errata30.html#sshd

Source: CCN
Type: OpenSSH Web site
OpenSSH

Source: CCN
Type: OSVDB ID: 20216
OpenSSH with KerberosV Remote Authentication Bypass

Source: BID
Type: UNKNOWN
3560

Source: CCN
Type: BID-3560
OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability

Source: XF
Type: UNKNOWN
openssh-kerberos-elevate-privileges(7598)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1.1:p4:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.2.0:p1:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3.0:p1:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.1:p1:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.1:p2:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.2:p2:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9:p1:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    openbsd openssh 3.0
    openbsd openssh 3.0p1
    openbsd openssh 2.1.1
    openbsd openssh 2.5.2
    openbsd openssh 2.5
    openbsd openssh 2.5.1
    openbsd openssh 2.9
    openbsd openssh 3.0
    openbsd openssh 2.9.9p2
    openbsd openssh 2.1
    openbsd openssh 2.2
    openbsd openssh 2.3
    openbsd openssh 2.9p2
    openbsd openssh 2.9p1
    openbsd openssh 2.9.9
    openbsd openssh 1.2.2
    openbsd openssh 1.2.3
    openbsd openssh 1.2.27
    openbsd openssh 1.2.1
    openbsd openssh 1.2
    openbsd openssh 2.1.1 p4
    openbsd openssh 2.2.0 p1
    openbsd openssh 2.3.0 p1
    openbsd openssh 2.5.1 p1
    openbsd openssh 2.5.1 p2
    openbsd openssh 2.5.2 p2
    openbsd openssh 2.9.9 p1