CVE-2001-0572

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, openbsd, ssh, nessus

Summary

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.

Nessus

  • NASL family: General
    NASL id: SSH1_PROTO_ENABLED.NASL
    description: The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used.
    last seen: 2020-04-30
    modified: 2002-03-06
    plugin id: 10882
    published: 2002-03-06
    reporter: This script is Copyright (C) 2002-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/10882
    title: SSH Protocol Version 1 Session Key Retrieval
  • NASL family: Misc.
    NASL id: OPENSSH_252.NASL
    description: According to its banner, the remote host appears to be running a version of OpenSSH earlier than 2.5.2 / 2.5.2p2. It, therefore, reportedly contains weaknesses in its implementation of the SSH protocol, both versions 1 and 2. These weaknesses could allow an attacker to sniff password lengths, and ranges of length (this could make brute-force password guessing easier), determine whether RSA or DSA authentication is being used, the number of authorized_keys in RSA authentication and/or the length of shell commands.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44068
    published: 2011-10-04
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/44068
    title: OpenSSH < 2.5.2 / 2.5.2p2 Multiple Information Disclosure Vulnerabilities
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2001-033.NASL
    description: There are several weaknesses in various implementations of the SSH (Secure Shell) protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions, such as those used with su. Versions of OpenSSH 2.5.2 and later have been fixed to reduce the impact of these traffic analysis problems, and as such all Linux-Mandrake users are encouraged to upgrade their version of openssh immediately. Update: A problem was introduced with a patch applied to the OpenSSH packages released in the previous update. This problem was due to the keepalive patch included, and it broke interoperability with older versions of OpenSSH and SSH. This update removes the patch, and also provides the latest version of OpenSSH which provides a number of new features and enhancements.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14776
    published: 2004-09-18
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14776
    title: Mandrake Linux Security Advisory : openssh (MDKSA-2001:033-2)
  • NASL family: CISCO
    NASL id: CISCO_SSH_MULTIPLE_VULNS.NASL
    description: According to its version number, the remote host is a Cisco router or switch running a vulnerable SSH daemon. By exploiting weaknesses in the SSH protocol, it is possible to insert arbitrary commands into an established SSH session, collect information that may help in brute-force key recovery, or brute-force a session key.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10972
    published: 2002-06-05
    reporter: This script is (C) 2002-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/10972
    title: Cisco Devices Multiple SSH Information Disclosure Vulnerabilities
  • NASL family: Misc.
    NASL id: SUNSSH_PLAINTEXT_RECOVERY.NASL
    description: The version of SunSSH running on the remote host has an information disclosure vulnerability. A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. An attacker could exploit this to gain access to sensitive information. Note that this version of SunSSH is also prone to several additional issues but Nessus did not test for them.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55992
    published: 2011-08-29
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/55992
    title: SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure
  • NASL family: CISCO
    NASL id: CISCO-SA-20010627-SSHHTTP.NASL
    description: Four different Cisco product lines are susceptible to multiple vulnerabilities discovered in the Secure Shell (SSH) protocol version 1.5. These issues have been addressed, and fixes have been integrated into the Cisco products that support this protocol. By exploiting the weakness in the SSH protocol, it is possible to insert arbitrary commands into an established SSH session, collect information that may help in brute-force key recovery, or brute force a session key. Affected product lines are: No other Cisco products are vulnerable. It is possible to mitigate this vulnerability by preventing, or having control over, the interception of SSH traffic. Cisco IOS is not vulnerable to any of the known exploits that are currently used to compromise UNIX hosts. For the warning regarding increased scanning activity for hosts running SSH, consult CERT/CC.
    last seen: 2019-10-28
    modified: 2010-09-01
    plugin id: 48957
    published: 2010-09-01
    reporter: This script is (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/48957
    title: Multiple SSH Vulnerabilities - Cisco Systems

Redhat

advisories

  • rhsa
    id: RHSA-2001:033