Vulnerabilities > CVE-2003-0724 - Authentication Bypass vulnerability in HP Tru64 SSH Undisclosed RSA Key Potential

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

compaq

NVD

Published: 2003-10-20

Updated: 2008-09-05

Summary

ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges.

Vulnerable Configurations

Part	Description	Count
OS	Compaq Compaq Tru64 5.1A Compaq Tru64 5.1A_Pk1_Bl1 Compaq Tru64 5.1A_Pk2_Bl2 Compaq Tru64 5.1A_Pk3_Bl3 Compaq Tru64 5.1A_Pk4_Bl21 Compaq Tru64 5.1A_Pk5_Bl23 Compaq Tru64 5.1B_Pk2_Bl22	7

References

http://www.securityfocus.com/advisories/5736
http://www.securityfocus.com/bid/8492