CVE-2003-0724
CVSS7.5
发布时间 :2003-10-20 00:00:00
修订时间 :2008-09-05 16:35:05
NMCOS    

[原文]ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges.


[CNNVD]HP Tru64 SSH未明RSA密钥验证绕过漏洞(CNNVD-200310-036)

        
        HP Tru64是一款HP公司开发的商业性质Unix操作系统。
        运行SSH的HP Tru64系统中当使用数字证书和RSA密钥匙时由于SSH不正确处理RSA签名,本地或者远程攻击者可以绕过验证未授权访问系统。
        目前没有详细漏洞细节提供。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:compaq:tru64:5.1b_pk2_bl22Compaq Tru64 5.1b PK2_BL22
cpe:/o:compaq:tru64:5.1a_pk1_bl1Compaq Tru64 5.1a PK1_BL1
cpe:/o:compaq:tru64:5.1a_pk4_bl21Compaq Tru64 5.1a PK4_BL21
cpe:/o:compaq:tru64:5.1a_pk5_bl23Compaq Tru64 5.1a PK5_BL23
cpe:/o:compaq:tru64:5.1aCompaq Tru64 5.1a
cpe:/o:compaq:tru64:5.1a_pk2_bl2Compaq Tru64 5.1a PK2_BL2
cpe:/o:compaq:tru64:5.1a_pk3_bl3Compaq Tru64 5.1a PK3_BL3

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0724
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0724
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200310-036
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/8492
(VENDOR_ADVISORY)  BID  8492
http://www.securityfocus.com/advisories/5736
(VENDOR_ADVISORY)  HP  SSRT3588

- 漏洞信息

HP Tru64 SSH未明RSA密钥验证绕过漏洞
高危 未知
2003-10-20 00:00:00 2005-10-20 00:00:00
远程  
        
        HP Tru64是一款HP公司开发的商业性质Unix操作系统。
        运行SSH的HP Tru64系统中当使用数字证书和RSA密钥匙时由于SSH不正确处理RSA签名,本地或者远程攻击者可以绕过验证未授权访问系统。
        目前没有详细漏洞细节提供。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * HP建议使用DSA算法来代替RSA算法,直到系统采用补丁:
        # ssh-keygen2 -t dsa
        厂商补丁:
        HP
        --
        HP已经为此发布了一个安全公告(SSRT3588)以及相应补丁:
        SSRT3588:SSRT3588: (Tru64) A Potential Security Vulnerability With ssh
        Tru64 UNIX 5.1A系统可从如下地址获得升级过的SSH程序:
        
        http://h30097.www3.hp.com/unix/ssh/index.html

        HP Tru64 UNIX 5.1B会在以后的5.1B PK3补丁集中提供。

- 漏洞信息

7691
HP Tru64 UNIX ssh RSA Key Mishandling Privilege Escalation

- 漏洞描述

Unknown or Incomplete

- 时间线

2003-08-25 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

HP Tru64 SSH Undisclosed RSA Key Potential Authentication Bypass Vulnerability
Unknown 8492
Yes No
2003-08-25 12:00:00 2009-07-11 11:56:00
This vulnerability has been disclosed in a vendor advisory.

- 受影响的程序版本

Compaq Tru64 5.1 b PK2 (BL22)
Compaq Tru64 5.1 a PK5 (BL23)
Compaq Tru64 5.1 a PK4 (BL21)
Compaq Tru64 5.1 a PK3 (BL3)
Compaq Tru64 5.1 a PK2 (BL2)
Compaq Tru64 5.1 a PK1 (BL1)
Compaq Tru64 5.1 a

- 漏洞讨论

The HP Tru64 implementation of SSH has been reported prone to an undisclosed potential authentication bypass vulnerability. The issue has been reported to present itself when RSA signatures are incorrectly processed, if SSH is implementing RSA keys and digital certificates as authentication methods.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

HP released a security advisory (SSRT3588) and fixes to address this issue in Tru64 5.1A systems. Fixes for other versions of Tru64 are pending, customers who are affected by this issue and do not have a fix available are advised to implement the workaround described in the Workaround section of this BID.


Compaq Tru64 5.1 a PK1 (BL1)

Compaq Tru64 5.1 a PK5 (BL23)

Compaq Tru64 5.1 a PK2 (BL2)

Compaq Tru64 5.1 a PK4 (BL21)

Compaq Tru64 5.1 a

Compaq Tru64 5.1 a PK3 (BL3)

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站