PT-2001-1488 · Openssh+1 · Ssh-Keygen+2

Published

2001-05-07

Updated

2017-10-10

CVE-2001-0259

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions ssh versions 1.2.27 through 1.2.30

Description The issue allows local attackers to recover a SUN-DES-1 magic phrase generated by another user. This magic phrase can then be used to decrypt the user's private key file.

Recommendations For versions 1.2.27 through 1.2.30, consider restricting access to the ssh-keygen utility until a fix is available. As a temporary workaround, users should be cautious when using Secure-RPC to generate SUN-DES-1 magic phrases.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0259

Affected Products

Secure-Rpc

Ssh

Ssh-Keygen

PT-2001-1488 · Openssh+1 · Ssh-Keygen+2

CVE-2001-0259

Related Identifiers

Affected Products

References · 6