| Vulnerability Name: | CVE-2006-0353 (CCN-24263) | ||||||||
| Assigned: | 2006-01-20 | ||||||||
| Published: | 2006-01-20 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys. | ||||||||
| CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-0353 Source: CCN Type: lsh-bugs Mailing List, Fri Jan 20 17:44:07 CET 2006 SECURITY: lshd leaks fd:s to user shells Source: MLIST Type: Vendor Advisory [lsh-bugs] SECURITY: lshd leaks fd:s to user shells Source: CCN Type: SA18564 LSH lshd Seed-file File Descriptor Leak Vulnerability Source: SECUNIA Type: Patch, Vendor Advisory 18564 Source: SECUNIA Type: Patch, Vendor Advisory 18623 Source: DEBIAN Type: Patch, Vendor Advisory DSA-956 Source: DEBIAN Type: DSA-956 lsh-server -- filedescriptor leak Source: CCN Type: lsh Web page LSH - a GNU implementation of the Secure Shells protocols Source: OSVDB Type: UNKNOWN 22695 Source: CCN Type: OSVDB ID: 22695 LSH lshd Seed-file File Descriptor Leak Source: BID Type: Patch 16357 Source: CCN Type: BID-16357 LSH Seed File File Descriptor Leakage Vulnerability Source: VUPEN Type: Vendor Advisory ADV-2006-0301 Source: XF Type: UNKNOWN lsh-file-descriptor-leak(24263) Source: XF Type: UNKNOWN lsh-file-descriptor-leak(24263) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||