Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:P/A:N
Vendors Products
Openbsd
  • Openssh
Ssh
  • Ssh

Configuration 1 [-]

OR cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*
References
Link Resource
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
http://marc.info/?l=bugtraq&m=98158450021686&w=2
http://www.ciac.org/ciac/bulletins/l-047.shtml
http://www.debian.org/security/2001/dsa-023
http://www.debian.org/security/2001/dsa-027
http://www.debian.org/security/2001/dsa-086
http://www.novell.com/linux/security/advisories/adv004_ssh.html
http://www.osvdb.org/2116
http://www.securityfocus.com/bid/2344 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6082
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2001-09-18T04:00:00

Updated: 2009-03-02T00:00:00

Reserved: 2001-05-24T00:00:00

Link: CVE-2001-0361

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2001-06-27T04:00:00.000

Modified: 2018-05-03T01:29:11.913

Link: CVE-2001-0361

JSON object: View

cve-icon Redhat Information

No data.

CWE