| Vulnerability Name: | CVE-2005-2146 (CCN-21217) | ||||||||
| Assigned: | 2005-06-30 | ||||||||
| Published: | 2005-06-30 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-2146 Source: CCN Type: SA15894 SSH Tectia Server Insecure Private Key Permissions Source: SECUNIA Type: Patch, Vendor Advisory 15894 Source: CCN Type: CIAC INFORMATION BULLETIN P-257 SSH Tectia Server Private Key Permission Vulnerability in Windows Source: CCN Type: US-CERT VU#973635 Some SSH servers on Microsoft Windows set insecure permissions for the host identification key file Source: CCN Type: OSVDB ID: 17685 SSH Tectia Server Private Key Permission Weakness Source: CCN Type: BID-14116 SSH Secure Shell/Tectia Server on Windows Host Identification Key Permission Vulnerability Source: CCN Type: SSH : Company : Newsroom SSH Tectia Server Private Key Permission Vulnerability in Windows Source: CONFIRM Type: Patch, Vendor Advisory http://www.ssh.com/company/newsroom/article/653/ Source: CCN Type: SSH Tectia Server Download Web page SSH Tectia Server Downloads Source: XF Type: UNKNOWN sshtectiaserver-host-key-disclosure(21217) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||