PT-2003-1109 · Openssh+1 · Openssh-Portable+1

Andrea Ghirardini

+3

·

Publicado

2003-05-02

·

Atualizado

2024-07-08

·

CVE-2003-0190

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions OpenSSH-portable versions 3.6.1p1 and earlier
Description The issue allows remote attackers to determine valid usernames via a timing attack when a user does not exist, due to the immediate sending of an error message with PAM support enabled. This can lead to a violation of confidentiality. The vulnerability can be exploited remotely.
Recommendations For OpenSSH-portable versions 3.6.1p1 and earlier, consider disabling PAM support as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-203

Identificadores relacionados

ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2015-08184
BDU:2015-08187
BDU:2015-08190
BDU:2015-08193
BDU:2015-08196
CVE-2003-0190

Produtos afetados

Alt Linux
Openssh-Portable