Vulnerability CVE-2003-0190 - CERT Civis.Net

Vulnerability Name:

CVE-2003-0190 (CCN-11902)

Assigned:

2003-04-30

Published:

2003-04-30

Updated:

2022-12-13

Summary:

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: BugTraq Mailing List, Wed Apr 30 2003 - 09:34:27 CDT
OpenSSH/PAM timing attack allows remote users identification

Source: MITRE
Type: CNA
CVE-2003-0190

Source: CCN
Type: Gentoo Linux Security Announcement 200305-01
openssh timing attack leads to information disclosure

Source: CCN
Type: Gentoo Linux Security Announcement 200305-02
shadow PAM workaround for OpenSSH user identification

Source: CCN
Type: Mediaservice.net Security Advisory #01, 30/04/2003
OpenSSH/PAM timing attack allows remote users identification

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: CCN
Type: RHSA-2003-222
Updated openssh packages available

Source: CCN
Type: RHSA-2003-224
openssh security update

Source: CCN
Type: SA46041
Blue Coat Director Multiple Vulnerabilities

Source: CCN
Type: SA8720
OpenSSH User Identification Vulnerability

Source: CCN
Type: OpenPKG-SA-2003.035
OpenSSH

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: CCN
Type: BID-11781
OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability

Source: CCN
Type: BID-7342
PAM Authentication Execution Path Timing Information Leakage Weakness

Source: CCN
Type: BID-7343
OpenSSH Authentication Execution Path Timing Information Leakage Weakness

Source: CCN
Type: BID-7467
OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability

Source: cve@mitre.org
Type: Exploit, Patch, Vendor Advisory
cve@mitre.org

Source: CCN
Type: TLSA-2003-31
OpenSSH/PAM timing attack allows remote users identification

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: CCN
Type: USN-34-1
OpenSSH information leakage

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: XF
Type: UNKNOWN
openssh-pam-info-leak(11902)

Source: CCN
Type: Bluecoat Web site
Security Advisories

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [05-30-2018]
SSH Username Enumeration

Source: SUSE
Type: SUSE-SR:2005:005
SUSE Security Summary Report

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.5:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.2:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.4:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.1:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.2:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.1:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.3:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.3:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.5:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.3:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9:p2:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.1.1:p4:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.2.0:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.3.0:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.5.1:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.5.1:p2:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.5.2:p2:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9.9:p1:*:*:*:*:*:*

AND

cpe:/o:redhat:linux:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:*

OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:-:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:8:*:*:*:server:*:*:*

OR cpe:/o:turbolinux:turbolinux:8:*:*:*:workstation:*:*:*

OR cpe:/o:turbolinux:turbolinux:7:*:*:*:server:*:*:*

OR cpe:/o:turbolinux:turbolinux:7:*:*:*:workstation:*:*:*

OR cpe:/a:openpkg:openpkg:1.2:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:workstation:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:pseries:*

OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:iseries:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20030190	V	CVE-2003-0190	2015-11-16
oval:org.mitre.oval:def:445	V	OpenSSH Indirect User Disclosure Vulnerability	2010-09-20