CVE-2001-1474

SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/786900	Third Party Advisory US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/6604

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ssh:ssh:1.2.24:::::::*
	cpe:2.3:a:ssh:ssh:1.2.25:::::::*
	cpe:2.3:a:ssh:ssh:1.2.26:::::::*
	cpe:2.3:a:ssh:ssh:1.2.27:::::::*
	cpe:2.3:a:ssh:ssh:1.2.28:::::::*
	cpe:2.3:a:ssh:ssh:1.2.29:::::::*
	cpe:2.3:a:ssh:ssh:1.2.30:::::::*
	cpe:2.3:a:ssh:ssh:1.2.31:::::::*

History

No history.

Information

Published : 2001-01-18 05:00

Updated : 2017-07-11 01:29

NVD link : CVE-2001-1474

Mitre link : CVE-2001-1474

CVE.ORG link : CVE-2001-1474

JSON object : View

Products Affected

ssh

ssh

CWE

NVD-CWE-Other

{"id": "CVE-2001-1474", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-01-18T05:00:00.000", "references": [{"url": "http://www.kb.cert.org/vuls/id/786900", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6604", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache."}], "lastModified": "2017-07-11T01:29:09.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0EDBA45-FDEE-4D4B-A6FF-7E953B523DAE"}, {"criteria": "cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AF5BDEF-E86B-4F4D-AF6D-B27044A96B1E"}, {"criteria": "cpe:2.3:a:ssh:ssh:1.2.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D0FF07F-E13B-425F-9892-C50B326B2944"}, {"criteria": "cpe:2.3:a:ssh:ssh:1.2.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "338EDA76-05D6-48C0-952E-6244A5F206F3"}, {"criteria": "cpe:2.3:a:ssh:ssh:1.2.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F719468E-A218-4EB5-9F8D-7841E84F44C8"}, {"criteria": "cpe:2.3:a:ssh:ssh:1.2.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E4FCD36-0009-4A93-A190-8FDD11C672CA"}, {"criteria": "cpe:2.3:a:ssh:ssh:1.2.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71727854-1B75-465F-AF8C-DFE6EFF46B40"}, {"criteria": "cpe:2.3:a:ssh:ssh:1.2.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64B76EA2-D3A6-4751-ADE6-998C2A7B44FA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}