PT-2001-1066 · Openssh+1 · Openssh+5
Published: 2001-10-18 · Updated: 2024-07-08 · CVE-2001-1380
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
OpenSSH versions prior to 2.9.9
openssh-server version 2.9p2
openssh-clients version 2.9p2
openssh version 2.9p2
openssh-askpass-gnome version 2.9p2
openssh-askpass version 2.9p2
Description
The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. The problem is related to the handling of keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file: the "from" option associated with a key may not be handled properly, which could allow remote attackers to log in from unauthorized IP addresses.
Recommendations
For OpenSSH versions prior to 2.9.9, update to version 2.9.9 or later to resolve the issue.
For openssh-server version 2.9p2, consider disabling the use of keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file until a patch is available.
For openssh-clients version 2.9p2, restrict access to the ~/.ssh/authorized_keys2 file to minimize the risk of exploitation.
For openssh version 2.9p2, openssh-askpass-gnome version 2.9p2, and openssh-askpass version 2.9p2, there is no specific information about a fix, so consider general best practices for secure configuration and monitoring.
At the moment, there is no information about a newer version that contains a fix for these specific packages.
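To find accounts that rely on the affected feature, the following added example (not part of the original advisory and not OpenSSH code) parses authorized_keys2 content and flags files that combine a "from" restriction with keys of more than one type, the condition named in the description. The function names `parse_entry` and `audit`, the `review` flag, and the sample entries are assumptions made for illustration.

```python
import re
# Key-type token that begins the key field (ssh-rsa and ssh-dss in the 2.9 era).
KEYTYPE = re.compile(r"(ssh-|ecdsa-|sk-)[\w@.-]+$")

def parse_entry(line):
    """Return (options, keytype) for one key line, or None if it is not one."""
    opts, cur, quoted, i = [], "", False, 0
    if not KEYTYPE.match(line.split()[0]):
        # Options field: comma-separated, whitespace allowed only inside quotes.
        while i < len(line) and (quoted or not line[i].isspace()):
            ch = line[i]
            if ch == "\\" and quoted and i + 1 < len(line):
                cur, i = cur + line[i:i + 2], i + 2  # keep escaped character
                continue
            if ch == '"':
                quoted = not quoted
            if ch == "," and not quoted:
                opts, cur = opts + [cur], ""
            else:
                cur += ch
            i += 1
        opts.append(cur)
    fields = line[i:].split()
    if not fields or not KEYTYPE.match(fields[0]):
        return None
    return opts, fields[0]

def audit(text):
    """Summarise key types and from= restrictions in authorized_keys content."""
    types, restricted = set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        entry = parse_entry(line) if line and not line.startswith("#") else None
        if entry is None:
            continue
        types.add(entry[1])
        for opt in entry[0]:
            name, _, value = opt.partition("=")
            if name.lower() == "from":
                restricted.append((n, entry[1], value.strip('"')))
    # Advisory condition: from= in use while the file mixes key types.
    return {"key_types": sorted(types), "from_entries": restricted,
            "review": bool(restricted) and len(types) > 1}

# Constructed sample; key material is placeholder text, not real keys.
SAMPLE = '''from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2E alice@admin
ssh-dss AAAAB3NzaC1kc3M backup@host
'''
print(audit(SAMPLE))
```

A file reported with `review` set to true only matches the configuration the description names; whether the host is exposed still depends on the installed OpenSSH version being earlier than 2.9.9.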
Affected Products
Alt Linux
Openssh
Openssh-Askpass
Openssh-Askpass-Gnome
Openssh-Clients
Openssh-Server