CVE-2001-0572


The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.


Published

2001-08-22T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openbsd | openssh | 4.5 | Yes |
| Application | ssh | ssh | 1.2.24 | Yes |
| Application | ssh | ssh | 1.2.25 | Yes |
| Application | ssh | ssh | 1.2.26 | Yes |
| Application | ssh | ssh | 1.2.27 | Yes |
| Application | ssh | ssh | 1.2.28 | Yes |
| Application | ssh | ssh | 1.2.29 | Yes |
| Application | ssh | ssh | 1.2.30 | Yes |
| Application | ssh | ssh | 1.2.31 | Yes |
