PT-2001-2564 · Openssh · Ssh
Published
2001-01-18
·
Updated
2017-07-11
·
CVE-2001-1474
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SSH versions prior to 2.0
Description
The issue allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache, as SSH before version 2.0 disables host key checking when connecting to the localhost.
Recommendations
For versions prior to 2.0, update to version 2.0 or later to enable host key checking and prevent DNS cache poisoning attacks.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ssh