PT-2001-2674 · Openssh+3 · Ssh-Nonfree+8
Published: 1970-01-01 · Updated: 2024-07-08 · CVE-2001-0361
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
OpenSSH versions prior to 2.3.0
ssh-1 versions prior to 1.2.31
Debian GNU/Linux (affected versions not specified)
Description
This entry covers multiple vulnerabilities in several Debian GNU/Linux packages, including ssh-socks, inn2-dev, inn2-inews, ssh-askpass-nonfree, and ssh-nonfree. These vulnerabilities can compromise the confidentiality and integrity of protected information and can be exploited remotely. In addition, implementations of SSH protocol version 1.5 are vulnerable to a "Bleichenbacher attack" on PKCS#1 version 1.5, which allows a remote attacker to decrypt and/or alter traffic in certain configurations.
Recommendations
For OpenSSH versions prior to 2.3.0, update to version 2.3.0 or later.
For ssh-1 versions prior to 1.2.31, update to version 1.2.31 or later.
For Debian GNU/Linux, apply the necessary security updates for the affected packages, including ssh-socks, inn2-dev, inn2-inews, ssh-askpass-nonfree, and ssh-nonfree.
As a temporary workaround, consider restricting access to the vulnerable packages until a patch is available.
Exploit
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Openssh
Inn2-Dev
Inn2-Inews
Ssh1
Ssh-Askpass-Nonfree
Ssh-Nonfree
Ssh-Socks