Vulnerabilities > CVE-2001-0144

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
openbsd
ssh
critical
nessus
exploit available

Summary

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

Exploit-Db

  • descriptionSSH 1.2.x CRC-32 Compensation Attack Detector Vulnerability. CVE-2001-0144. Remote exploit for unix platform
    idEDB-ID:20617
    last seen2016-02-02
    modified2001-02-08
    published2001-02-08
    reporterMichal Zalewski
    sourcehttps://www.exploit-db.com/download/20617/
    titleSSH 1.2.x CRC-32 Compensation Attack Detector Vulnerability
  • descriptionSSH (x2) Remote Root Exploit. CVE-2001-0144. Remote exploits for multiple platform
    idEDB-ID:349
    last seen2016-01-31
    modified2002-05-01
    published2002-05-01
    reporterTeso
    sourcehttps://www.exploit-db.com/download/349/
    titleSSH x2 - Remote Root Exploit

Nessus

  • NASL familyMisc.
    NASL idSSH_CRC32.NASL
    descriptionThe remote host is running a version of SSH that is older than version 1.2.32, or a version of OpenSSH that is older than 2.3.0. The remote version of this software is vulnerable to a flaw known as a
    last seen2020-06-01
    modified2020-06-02
    plugin id10607
    published2001-02-09
    reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10607
    titleSSH CRC-32 Compensation Attack Remote Overflow
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-086.NASL
    descriptionWe have received reports that the
    last seen2020-06-01
    modified2020-06-02
    plugin id14923
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14923
    titleDebian DSA-086-1 : ssh-nonfree - remote root exploit
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-027.NASL
    description- Versions of OpenSSH prior to 2.3.0 are vulnerable to a remote arbitrary memory overwrite attack which may lead to a root exploit. - CORE-SDI has described a problem with regards to RSA key exchange and a Bleichenbacher attack to gather the session key from an ssh session. Both of these issues have been corrected in our ssh package 1.2.3-9.2. We recommend you upgrade your openssh package immediately.
    last seen2020-06-01
    modified2020-06-02
    plugin id14864
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14864
    titleDebian DSA-027-1 : OpenSSH - remote exploit