Executive Summary

Information
Name CVE-2001-0361 First vendor Publication 2001-06-27
Vendor Cve Last vendor Modification 2018-05-03

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Cvss Base Score 4 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity High
Cvss Exploit Score 4.9 Authentication None Required

Detail

Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0361

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:5729
Title: Multiple Vendor SSH 1.5 Session Key Recovery Vulnerability
Description: Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
Family: ios Class: vulnerability
Reference(s): CVE-2001-0361
Version: 1
Platform(s): Cisco IOS
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 3
Application 33

OpenVAS Exploits

Date Description
2008-01-17 Name : Debian Security Advisory DSA 023-1 (inn2)
File : nvt/deb_023_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 086-1 (ssh-nonfree, ssh-socks)
File : nvt/deb_086_1.nasl
2005-11-03 Name : PKCS 1 Version 1.5 Session Key Retrieval
File : nvt/ssh_pkcs.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
2116 PKCS 1 Version 1.5 Session Key Retrieval (Bleichenbacher Attack)

Several protocols that implement the digital enveloping method described in version 1.5 of the PKCS #1 standard are susceptible to an adaptive ciphertext attack. This allows the recovery of session keys, thus compromising the integrity of the data transmitted during that session. The data encryption techniques described in RSA's PKCS #1 standard are used in many protocols which rely, at least in part, on the security provided by public-key cryptography systems.

Nessus® Vulnerability Scanner

Date Description
2011-10-04 Name : Remote attackers may be able to infer information about traffic inside an SSH...
File : openssh_252.nasl - Type : ACT_GATHER_INFO
2011-08-29 Name : The SSH service running on the remote host has an information disclosure vuln...
File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-023.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-027.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-086.nasl - Type : ACT_GATHER_INFO
2002-06-05 Name : The remote network device is running an SSH server with multiple vulnerabilit...
File : cisco_ssh_multiple_vulns.nasl - Type : ACT_GATHER_INFO
2002-03-06 Name : The remote service offers an insecure cryptographic protocol.
File : ssh1_proto_enabled.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/2344
BUGTRAQ http://marc.info/?l=bugtraq&m=98158450021686&w=2
CIAC http://www.ciac.org/ciac/bulletins/l-047.shtml
DEBIAN http://www.debian.org/security/2001/dsa-023
http://www.debian.org/security/2001/dsa-027
http://www.debian.org/security/2001/dsa-086
FREEBSD ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
OSVDB http://www.osvdb.org/2116
SUSE http://www.novell.com/linux/security/advisories/adv004_ssh.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/6082

Alert History

Date Information
2024-02-02 01:01:35
  • Multiple Updates
2024-02-01 12:01:15
  • Multiple Updates
2023-12-29 01:01:30
  • Multiple Updates
2023-09-05 12:01:32
  • Multiple Updates
2023-09-05 01:01:07
  • Multiple Updates
2023-09-02 12:01:33
  • Multiple Updates
2023-09-02 01:01:07
  • Multiple Updates
2023-08-12 12:01:53
  • Multiple Updates
2023-08-12 01:01:07
  • Multiple Updates
2023-08-11 12:01:36
  • Multiple Updates
2023-08-11 01:01:08
  • Multiple Updates
2023-08-06 12:01:28
  • Multiple Updates
2023-08-06 01:01:08
  • Multiple Updates
2023-08-04 12:01:32
  • Multiple Updates
2023-08-04 01:01:07
  • Multiple Updates
2023-07-14 12:01:30
  • Multiple Updates
2023-07-14 01:01:08
  • Multiple Updates
2023-03-29 01:01:28
  • Multiple Updates
2023-03-28 12:01:13
  • Multiple Updates
2022-10-11 12:01:21
  • Multiple Updates
2022-10-11 01:01:01
  • Multiple Updates
2021-05-04 12:01:20
  • Multiple Updates
2021-04-22 01:01:32
  • Multiple Updates
2020-07-25 12:00:57
  • Multiple Updates
2020-05-23 01:35:30
  • Multiple Updates
2020-05-23 00:14:36
  • Multiple Updates
2018-05-03 09:19:24
  • Multiple Updates
2016-10-18 12:00:54
  • Multiple Updates
2016-06-28 14:55:28
  • Multiple Updates
2016-04-26 11:51:49
  • Multiple Updates
2014-02-17 10:23:43
  • Multiple Updates
2013-05-11 12:03:54
  • Multiple Updates