oval:org.mitre.oval:def:445

Definition Id: oval:org.mitre.oval:def:445

Oval ID:	oval:org.mitre.oval:def:445
Title:	OpenSSH Indirect User Disclosure Vulnerability
Description:	OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0190	Version:	4
Platform(s):	Red Hat Linux 9	Product(s):	OpenSSH
Definition Synopsis:
Software section Red Hat 9 is installed AND ix86 architecture AND openssh-server version is less than 3.5p1-6.9 AND Configuration section sshd listens on the network