CVE-2001-0572
CVSS7.5
发布时间 :2001-08-22 00:00:00
修订时间 :2008-09-05 16:24:26
NMCOS    

[原文]The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.


[CNNVD]OpenSSH SSH协议1和2漏洞(CNNVD-200108-127)

        OpenSSH和其他包上生效的SSH协议1和2(也称为SSH-2)具有许多缺陷。远程攻击者可以借助嗅探:(1)密码长度或长度范围简化蛮力密码猜测,(2)RSA或DSA认证是否被使用,(3)RSA认证的authorized_keys数目或(4)shell命令的长度获得下列信息。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:ssh:ssh:1.2.24SSH Communications Security SSH daemon 1.2.24
cpe:/a:ssh:ssh:1.2.25SSH Communications Security SSH daemon 1.2.25
cpe:/a:ssh:ssh:1.2.30SSH Communications Security SSH daemon 1.2.30
cpe:/a:ssh:ssh:1.2.29SSH Communications Security SSH daemon 1.2.29
cpe:/a:ssh:ssh:1.2.26SSH Communications Security SSH daemon 1.2.26
cpe:/a:ssh:ssh:1.2.27SSH Communications Security SSH daemon 1.2.27
cpe:/a:openbsd:openssh:4.5OpenBSD OpenSSH 4.5
cpe:/a:ssh:ssh:1.2.31SSH Communications Security SSH daemon 1.2.31
cpe:/a:ssh:ssh:1.2.28SSH Communications Security SSH daemon 1.2.28

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0572
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0572
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200108-127
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/596827
(UNKNOWN)  CERT-VN  VU#596827
http://www.redhat.com/support/errata/RHSA-2001-033.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2001:033
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2001:033
http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html
(VENDOR_ADVISORY)  BUGTRAQ  20010318 Passive Analysis of SSH (Secure Shell) Traffic
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000391
(VENDOR_ADVISORY)  CONECTIVA  CLA-2001:391

- 漏洞信息

OpenSSH SSH协议1和2漏洞
高危 未知
2001-08-22 00:00:00 2006-09-05 00:00:00
远程  
        OpenSSH和其他包上生效的SSH协议1和2(也称为SSH-2)具有许多缺陷。远程攻击者可以借助嗅探:(1)密码长度或长度范围简化蛮力密码猜测,(2)RSA或DSA认证是否被使用,(3)RSA认证的authorized_keys数目或(4)shell命令的长度获得下列信息。

- 公告与补丁

        

- 漏洞信息

3561
Cisco Devices SSH Password Length Disclosure

- 漏洞描述

Cisco IOS, CatOS and WebNS contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the disclosure of password length by SSH protocol, which will disclose information of value in a brute force attack resulting in a loss of confidentiality.

- 时间线

2001-06-27 2001-06-27
Unknow Unknow

- 解决方案

Upgrade to version indicated by Cisco product matrix, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

OpenSSH Ciphersuite Specification Information Disclosure Weakness
Design Error 49473
Yes No
2001-03-03 12:00:00 2011-09-09 05:00:00
Solar Designer and Dug Song of The Openwall Project and Dawn Xiaodong Song, David Wagner, and Xuqing Tian of the University of California

- 受影响的程序版本

OpenSSH OpenSSH 2.9 p1
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
OpenSSH OpenSSH 2.9
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
+ FreeBSD FreeBSD 4.5 -RELEASE
+ FreeBSD FreeBSD 4.5
OpenSSH OpenSSH 2.5.2
- Caldera OpenUnix 8.0
- Caldera UnixWare 7.1.1
- Wirex Immunix OS 6.2
OpenSSH OpenSSH 2.5.1
+ NetBSD NetBSD 1.5.1
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. SuSE eMail Server III
- SCO Open Server 5.0.6 a
- SCO Open Server 5.0.6
- SCO Open Server 5.0.5
- SCO Open Server 5.0.4
- SCO Open Server 5.0.3
- SCO Open Server 5.0.2
- SCO Open Server 5.0.1
- SCO Open Server 5.0
+ SuSE SUSE Linux Enterprise Server 7
OpenSSH OpenSSH 2.5
OpenSSH OpenSSH 2.3
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 i386
- S.u.S.E. Linux 6.4 alpha
OpenSSH OpenSSH 2.2 .0p1
OpenSSH OpenSSH 2.2
+ Conectiva Linux 6.0
+ NetBSD NetBSD 1.5
OpenSSH OpenSSH 2.1.1
+ Conectiva Linux 5.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
OpenSSH OpenSSH 2.1
OpenSSH OpenSSH 2.9 p2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
- Conectiva Linux 5.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
+ FreeBSD FreeBSD 4.4 -RELENG
+ HP Secure OS software for Linux 1.0
+ Immunix Immunix OS 7.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Single Network Firewall 7.2
+ RedHat Linux 7.2
+ RedHat Linux 7.1
+ RedHat Linux 7.0
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
+ Sun Cobalt RaQ 550

- 不受影响的程序版本

OpenSSH OpenSSH 2.9 p2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
- Conectiva Linux 5.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
+ FreeBSD FreeBSD 4.4 -RELENG
+ HP Secure OS software for Linux 1.0
+ Immunix Immunix OS 7.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Single Network Firewall 7.2
+ RedHat Linux 7.2
+ RedHat Linux 7.1
+ RedHat Linux 7.0
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
+ Sun Cobalt RaQ 550

- 漏洞讨论

OpenSSH is prone to a security weakness that may allow attackers to downgrade the ciphersuite.

Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information that may aid in further attacks.

Releases prior to OpenSSH 2.9p2 are vulnerable.

- 漏洞利用

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

Updates are available. Please see the references for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站