Vulnerability Description
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openssh | 1.2.3 |
| Ssh | Ssh | <= 1.2.31 |
Related Weaknesses (CWE)
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
- http://marc.info/?l=bugtraq&m=98158450021686&w=2
- http://www.ciac.org/ciac/bulletins/l-047.shtml
- http://www.debian.org/security/2001/dsa-023
- http://www.debian.org/security/2001/dsa-027
- http://www.debian.org/security/2001/dsa-086
- http://www.novell.com/linux/security/advisories/adv004_ssh.html
- http://www.osvdb.org/2116
- http://www.securityfocus.com/bid/2344PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6082
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
- http://marc.info/?l=bugtraq&m=98158450021686&w=2
- http://www.ciac.org/ciac/bulletins/l-047.shtml
- http://www.debian.org/security/2001/dsa-023
- http://www.debian.org/security/2001/dsa-027
FAQ
What is CVE-2001-0361?
CVE-2001-0361 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alt...
How severe is CVE-2001-0361?
CVE-2001-0361 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0361?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Ssh Ssh.