PT-2005-3078 · Ssh · Ssh Tectia Server+1

Published

2005-07-05

Updated

2008-09-05

CVE-2005-2146

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: SSH Tectia Server versions 4.3.1 and earlier SSH Secure Shell for Windows Servers (affected versions not specified)

Description: The issue allows local users to access the Secure Shell host identification key due to insecure permissions when the key is generated. This could enable users to spoof the server.

Recommendations: For SSH Tectia Server versions 4.3.1 and earlier, update to a version later than 4.3.1 to resolve the issue. For SSH Secure Shell for Windows Servers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2146

Affected Products

Ssh Secure Shell For Windows Servers

Ssh Tectia Server

PT-2005-3078 · Ssh · Ssh Tectia Server+1

CVE-2005-2146

Related Identifiers

Affected Products

References · 3