Vulnerabilities > CVE-2001-0144

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

openbsd

ssh

critical

nessus

exploit available

NVD

Published: 2001-03-12

Updated: 2018-05-03

Summary

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

Vulnerable Configurations

Part	Description	Count
Application	Openbsd Openbsd Openssh 1.2.2 Openbsd Openssh 1.2.3 Openbsd Openssh 2.1 Openbsd Openssh 2.1.1 Openbsd Openssh 2.2	5
Application	Ssh SSH SSH 1.2.24 SSH SSH 1.2.25 SSH SSH 1.2.26 SSH SSH 1.2.27 SSH SSH 1.2.28 SSH SSH 1.2.29 SSH SSH 1.2.30 SSH SSH 1.2.31	8

Exploit-Db

description	SSH 1.2.x CRC-32 Compensation Attack Detector Vulnerability. CVE-2001-0144. Remote exploit for unix platform
id	EDB-ID:20617
last seen	2016-02-02
modified	2001-02-08
published	2001-02-08
reporter	Michal Zalewski
source	https://www.exploit-db.com/download/20617/
title	SSH 1.2.x CRC-32 Compensation Attack Detector Vulnerability

description	SSH (x2) Remote Root Exploit. CVE-2001-0144. Remote exploits for multiple platform
id	EDB-ID:349
last seen	2016-01-31
modified	2002-05-01
published	2002-05-01
reporter	Teso
source	https://www.exploit-db.com/download/349/
title	SSH x2 - Remote Root Exploit

Nessus

NASL family	Misc.
NASL id	SSH_CRC32.NASL
description	The remote host is running a version of SSH that is older than version 1.2.32, or a version of OpenSSH that is older than 2.3.0. The remote version of this software is vulnerable to a flaw known as a
last seen	2020-06-01
modified	2020-06-02
plugin id	10607
published	2001-02-09
reporter	This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10607
title	SSH CRC-32 Compensation Attack Remote Overflow

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-086.NASL
description	We have received reports that the
last seen	2020-06-01
modified	2020-06-02
plugin id	14923
published	2004-09-29
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14923
title	Debian DSA-086-1 : ssh-nonfree - remote root exploit

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-027.NASL
description	- Versions of OpenSSH prior to 2.3.0 are vulnerable to a remote arbitrary memory overwrite attack which may lead to a root exploit. - CORE-SDI has described a problem with regards to RSA key exchange and a Bleichenbacher attack to gather the session key from an ssh session. Both of these issues have been corrected in our ssh package 1.2.3-9.2. We recommend you upgrade your openssh package immediately.
last seen	2020-06-01
modified	2020-06-02
plugin id	14864
published	2004-09-29
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14864
title	Debian DSA-027-1 : OpenSSH - remote exploit

Vulnerabilities > CVE-2001-0144 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2001-0144"}]}

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References

Vulnerabilities > CVE-2001-0144