| Vulnerability Name: | CVE-2004-1357 (CCN-15784) | ||||||||
| Assigned: | 2004-04-07 | ||||||||
| Published: | 2004-04-07 | ||||||||
| Updated: | 2017-10-11 | ||||||||
| Summary: | The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Configuration | ||||||||
| References: | Source: MITRE Type: CNA CVE-2004-1357 Source: CCN Type: SA11316 Sun Solaris SSHD Client IP Address Logging Failure Source: SECUNIA Type: Patch, Vendor Advisory 11316 Source: CCN Type: Sun Alert ID: 57538 The Sun Secure Shell Daemon (sshd(1M)) May Fail to Log SSH Client IP Addresses Source: SUNALERT Type: Patch, Vendor Advisory 57538 Source: AUSCERT Type: Patch, Vendor Advisory ESB-2004.0263 Source: CCN Type: US-CERT VU#737548 Sun Solaris SSH Daemon fails to properly log client IP addresses Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#737548 Source: CCN Type: OSVDB ID: 5010 Solaris SSHD Client IP Logging Failure Source: BID Type: Patch 10080 Source: CCN Type: BID-10080 Sun Solaris Secure Shell Daemon Client Logging Weakness Source: XF Type: UNKNOWN solaris-sshd-log-bypass(15784) Source: XF Type: UNKNOWN solaris-sshd-log-bypass(15784) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:3505 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||