ID

VAR-200103-0055


CVE

CVE-2001-0144


TITLE

Multiple Cisco products consume excessive CPU resources in response to large SSH packets

Trust: 0.8

sources: CERT/CC: VU#290140

DESCRIPTION

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value). As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory. **UPDATE**: There have been reports suggesting that exploitation of this vulnerability may be widespread. Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available. NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable. Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH. ** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default. Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur. Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. The problem is deattack.c , This program is created by CORE SDI Development to prevent SSH1 Agreement is subject to CRC32 Compensation for the attack. Due to detect_attack() The wrong one in the function 16 Unsigned variables of bits as 32 Bit variables are used, causing table index overflow problems. This will allow an attacker to overwrite the content anywhere in the memory, the attacker may obtain it remotely root Permissions. The problem is detect_attack() In the function: ... /* detect_attack Detects a crc32 compensation attack on a packet */ int detect_attack(unsigned char *buf , word32 len , unsigned char *IV) { static word16 *h = (word16 *) NULL; (*) static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE; register word32 i , j; word32 l; ... n Is incorrectly defined as 16 Bit integer, so an attacker can manage to cause its value to 0 , In progress xmalloc(0) After allocation, the following code will be executed: for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; due to i set as 32 Bit unsigned integer, in n=0 When, the result becomes: i = HASH(c) & 0xffffffff and c Can be provided by the client. in case i The value is outside the normal range, the program is trying to access h[i] A segfault will occur. By carefully constructing the attack message, the attacker may overwrite the content of any address and execute arbitrary code remotely. The attacker does not need a valid system account to attack. TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to majordomo@iss.net Contact alert-owner@iss.net for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- ISS X-Force has received reports that some individuals were unable to verify the PGP signature on the Security Alert Summary distributed earlier in the week. Due to this issue, X-Force is re-distributing the Security Alert Summary. We apologize for any inconvience this may have caused. Internet Security Systems Security Alert Summary March 5, 2001 Volume 6 Number 4 X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php _____ Contents 90 Reported Vulnerabilities Risk Factor Key _____ Date Reported: 2/27/01 Vulnerability: a1-server-dos Platforms Affected: A1 Server Risk Factor: Medium Attack Type: Network Based Brief Description: A1 Server denial of service X-Force URL: http://xforce.iss.net/static/6161.php _____ Date Reported: 2/27/01 Vulnerability: a1-server-directory-traversal Platforms Affected: A1 Server Risk Factor: Medium Attack Type: Network Based Brief Description: A1 Server directory traversal X-Force URL: http://xforce.iss.net/static/6162.php _____ Date Reported: 2/27/01 Vulnerability: webreflex-web-server-dos Platforms Affected: WebReflex Risk Factor: Medium Attack Type: Network Based Brief Description: WebReflex Web server denial of service X-Force URL: http://xforce.iss.net/static/6163.php _____ Date Reported: 2/26/01 Vulnerability: sudo-bo-elevate-privileges Platforms Affected: Sudo Risk Factor: Medium Attack Type: Host Based Brief Description: Sudo buffer overflow could allow elevated user privileges X-Force URL: http://xforce.iss.net/static/6153.php _____ Date Reported: 2/26/01 Vulnerability: mygetright-skin-overwrite-file Platforms Affected: My GetRight Risk Factor: High Attack Type: Network Based Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files X-Force URL: http://xforce.iss.net/static/6155.php _____ Date Reported: 2/26/01 Vulnerability: mygetright-directory-traversal Platforms Affected: My GetRight Risk Factor: Medium Attack Type: Network Based Brief Description: My GetRight directory traversal X-Force URL: http://xforce.iss.net/static/6156.php _____ Date Reported: 2/26/01 Vulnerability: win2k-event-viewer-bo Platforms Affected: Windows 2000 Risk Factor: once-only Attack Type: Host Based Brief Description: Windows 2000 event viewer buffer overflow X-Force URL: http://xforce.iss.net/static/6160.php _____ Date Reported: 2/26/01 Vulnerability: netscape-collabra-cpu-dos Platforms Affected: Netscape Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Collabra CPU denial of service X-Force URL: http://xforce.iss.net/static/6159.php _____ Date Reported: 2/26/01 Vulnerability: netscape-collabra-kernel-dos Platforms Affected: Netscape Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Collabra Server kernel denial of service X-Force URL: http://xforce.iss.net/static/6158.php _____ Date Reported: 2/23/01 Vulnerability: mercur-expn-bo Platforms Affected: MERCUR Risk Factor: High Attack Type: Network Based Brief Description: MERCUR Mailserver EXPN buffer overflow X-Force URL: http://xforce.iss.net/static/6149.php _____ Date Reported: 2/23/01 Vulnerability: sedum-http-dos Platforms Affected: SEDUM Risk Factor: Medium Attack Type: Network Based Brief Description: SEDUM HTTP server denial of service X-Force URL: http://xforce.iss.net/static/6152.php _____ Date Reported: 2/23/01 Vulnerability: tru64-inetd-dos Platforms Affected: Tru64 Risk Factor: Medium Attack Type: Host Based Brief Description: Tru64 UNIX inetd denial of service X-Force URL: http://xforce.iss.net/static/6157.php _____ Date Reported: 2/22/01 Vulnerability: outlook-vcard-bo Platforms Affected: Microsoft Outlook Risk Factor: High Attack Type: Host Based Brief Description: Outlook and Outlook Express vCards buffer overflow X-Force URL: http://xforce.iss.net/static/6145.php _____ Date Reported: 2/22/01 Vulnerability: ultimatebb-cookie-member-number Platforms Affected: Ultimate Bulletin Board Risk Factor: High Attack Type: Network Based Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number X-Force URL: http://xforce.iss.net/static/6144.php _____ Date Reported: 2/21/01 Vulnerability: ultimatebb-cookie-gain-privileges Platforms Affected: Ultimate Bulletin Board Risk Factor: Medium Attack Type: Network Based Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information X-Force URL: http://xforce.iss.net/static/6142.php _____ Date Reported: 2/21/01 Vulnerability: sendmail-elevate-privileges Platforms Affected: Sendmail Risk Factor: High Attack Type: Host Based Brief Description: Sendmail -bt command could allow the elevation of privileges X-Force URL: http://xforce.iss.net/static/6147.php _____ Date Reported: 2/21/01 Vulnerability: jre-jdk-execute-commands Platforms Affected: JRE/JDK Risk Factor: High Attack Type: Host Based Brief Description: JRE/JDK could allow unauthorized execution of commands X-Force URL: http://xforce.iss.net/static/6143.php _____ Date Reported: 2/20/01 Vulnerability: licq-remote-port-dos Platforms Affected: LICQ Risk Factor: Medium Attack Type: Network Based Brief Description: LICQ remote denial of service X-Force URL: http://xforce.iss.net/static/6134.php _____ Date Reported: 2/20/01 Vulnerability: pgp4pine-expired-keys Platforms Affected: pgp4pine Risk Factor: Medium Attack Type: Host Based Brief Description: pgp4pine may transmit messages using expired public keys X-Force URL: http://xforce.iss.net/static/6135.php _____ Date Reported: 2/20/01 Vulnerability: chilisoft-asp-view-files Platforms Affected: Chili!Soft ASP Risk Factor: High Attack Type: Network Based Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information X-Force URL: http://xforce.iss.net/static/6137.php _____ Date Reported: 2/20/01 Vulnerability: win2k-domain-controller-dos Platforms Affected: Windows 2000 Risk Factor: once-only Attack Type: Network/Host Based Brief Description: Windows 2000 domain controller denial of service X-Force URL: http://xforce.iss.net/static/6136.php _____ Date Reported: 2/19/01 Vulnerability: asx-remote-dos Platforms Affected: ASX Switches Risk Factor: Medium Attack Type: Network Based Brief Description: ASX switches allow remote denial of service X-Force URL: http://xforce.iss.net/static/6133.php _____ Date Reported: 2/18/01 Vulnerability: http-cgi-mailnews-username Platforms Affected: Mailnews.cgi Risk Factor: High Attack Type: Network Based Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username X-Force URL: http://xforce.iss.net/static/6139.php _____ Date Reported: 2/17/01 Vulnerability: badblue-ext-reveal-path Platforms Affected: BadBlue Risk Factor: Low Attack Type: Network Based Brief Description: BadBlue ext.dll library reveals path X-Force URL: http://xforce.iss.net/static/6130.php _____ Date Reported: 2/17/01 Vulnerability: badblue-ext-dos Platforms Affected: BadBlue Risk Factor: Medium Attack Type: Network Based Brief Description: BadBlue ext.dll library denial of service X-Force URL: http://xforce.iss.net/static/6131.php _____ Date Reported: 2/17/01 Vulnerability: moby-netsuite-bo Platforms Affected: Moby's NetSuite Risk Factor: Medium Attack Type: Network Based Brief Description: Moby's NetSuite Web server buffer overflow X-Force URL: http://xforce.iss.net/static/6132.php _____ Date Reported: 2/16/01 Vulnerability: webactive-directory-traversal Platforms Affected: WEBactive Risk Factor: Medium Attack Type: Network/Host Based Brief Description: WEBactive HTTP Server directory traversal X-Force URL: http://xforce.iss.net/static/6121.php _____ Date Reported: 2/16/01 Vulnerability: esone-cgi-directory-traversal Platforms Affected: ES.One store.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: Thinking Arts ES.One store.cgi directory traversal X-Force URL: http://xforce.iss.net/static/6124.php _____ Date Reported: 2/16/01 Vulnerability: vshell-username-bo Platforms Affected: VShell Risk Factor: High Attack Type: Network Based Brief Description: VShell username buffer overflow X-Force URL: http://xforce.iss.net/static/6146.php _____ Date Reported: 2/16/01 Vulnerability: vshell-port-forwarding-rule Platforms Affected: VShell Risk Factor: Medium Attack Type: Network/Host Based Brief Description: VShell uses weak port forwarding rule X-Force URL: http://xforce.iss.net/static/6148.php _____ Date Reported: 2/15/01 Vulnerability: pi3web-isapi-bo Platforms Affected: Pi3Web Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Pi3Web ISAPI tstisapi.dll denial of service X-Force URL: http://xforce.iss.net/static/6113.php _____ Date Reported: 2/15/01 Vulnerability: pi3web-reveal-path Platforms Affected: Pi3Web Risk Factor: Low Attack Type: Network Based Brief Description: Pi3Web reveals physical path of server X-Force URL: http://xforce.iss.net/static/6114.php _____ Date Reported: 2/15/01 Vulnerability: bajie-execute-shell Platforms Affected: Bajie HTTP JServer Risk Factor: High Attack Type: Network Based Brief Description: Bajie HTTP JServer execute shell commands X-Force URL: http://xforce.iss.net/static/6117.php _____ Date Reported: 2/15/01 Vulnerability: bajie-directory-traversal Platforms Affected: Bajie HTTP JServer Risk Factor: High Attack Type: Network Based Brief Description: Bajie HTTP JServer directory traversal X-Force URL: http://xforce.iss.net/static/6115.php _____ Date Reported: 2/15/01 Vulnerability: resin-directory-traversal Platforms Affected: Resin Risk Factor: Medium Attack Type: Network Based Brief Description: Resin Web server directory traversal X-Force URL: http://xforce.iss.net/static/6118.php _____ Date Reported: 2/15/01 Vulnerability: netware-mitm-recover-passwords Platforms Affected: Netware Risk Factor: Low Attack Type: Network Based Brief Description: Netware "man in the middle" attack password recovery X-Force URL: http://xforce.iss.net/static/6116.php _____ Date Reported: 2/14/01 Vulnerability: firebox-pptp-dos Platforms Affected: WatchGuard Firebox II Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard Firebox II PPTP denial of service X-Force URL: http://xforce.iss.net/static/6109.php _____ Date Reported: 2/14/01 Vulnerability: hp-virtualvault-iws-dos Platforms Affected: HP VirtualVault Risk Factor: Medium Attack Type: Network/Host Based Brief Description: HP VirtualVault iPlanet Web Server denial of service X-Force URL: http://xforce.iss.net/static/6110.php _____ Date Reported: 2/14/01 Vulnerability: kicq-execute-commands Platforms Affected: KICQ Risk Factor: High Attack Type: Network Based Brief Description: kicq could allow remote execution of commands X-Force URL: http://xforce.iss.net/static/6112.php _____ Date Reported: 2/14/01 Vulnerability: hp-text-editor-bo Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP Text editors buffer overflow X-Force URL: http://xforce.iss.net/static/6111.php _____ Date Reported: 2/13/01 Vulnerability: sendtemp-pl-read-files Platforms Affected: sendtemp.pl Risk Factor: Medium Attack Type: Network/Host Based Brief Description: sendtemp.pl could allow an attacker to read files on the server X-Force URL: http://xforce.iss.net/static/6104.php _____ Date Reported: 2/13/01 Vulnerability: analog-alias-bo Platforms Affected: Analog ALIAS Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Analog ALIAS command buffer overflow X-Force URL: http://xforce.iss.net/static/6105.php _____ Date Reported: 2/13/01 Vulnerability: elm-long-string-bo Platforms Affected: Elm Risk Factor: Medium Attack Type: Host Based Brief Description: ELM -f command long string buffer overflow X-Force URL: http://xforce.iss.net/static/6151.php _____ Date Reported: 2/13/01 Vulnerability: winnt-pptp-dos Platforms Affected: Windows NT Risk Factor: Medium Attack Type: Network Based Brief Description: Windows NT PPTP denial of service X-Force URL: http://xforce.iss.net/static/6103.php _____ Date Reported: 2/12/01 Vulnerability: startinnfeed-format-string Platforms Affected: Inn Risk Factor: High Attack Type: Host Based Brief Description: Inn 'startinnfeed' binary format string attack X-Force URL: http://xforce.iss.net/static/6099.php _____ Date Reported: 2/12/01 Vulnerability: his-auktion-cgi-url Platforms Affected: HIS Auktion Risk Factor: Medium Attack Type: Network/Host Based Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands X-Force URL: http://xforce.iss.net/static/6090.php _____ Date Reported: 2/12/01 Vulnerability: wayboard-cgi-view-files Platforms Affected: Way-BOARD Risk Factor: Medium Attack Type: Network Based Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files X-Force URL: http://xforce.iss.net/static/6091.php _____ Date Reported: 2/12/01 Vulnerability: muskat-empower-url-dir Platforms Affected: Musket Empower Risk Factor: Low Attack Type: Network/Host Based Brief Description: Musket Empower could allow attackers to gain access to the DB directory path X-Force URL: http://xforce.iss.net/static/6093.php _____ Date Reported: 2/12/01 Vulnerability: icq-icu-rtf-dos Platforms Affected: LICQ Gnome ICU Risk Factor: Low Attack Type: Network/Host Based Brief Description: LICQ and Gnome ICU rtf file denial of service X-Force URL: http://xforce.iss.net/static/6096.php _____ Date Reported: 2/12/01 Vulnerability: commerce-cgi-view-files Platforms Affected: Commerce.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: Commerce.cgi could allow attackers to view unauthorized files X-Force URL: http://xforce.iss.net/static/6095.php _____ Date Reported: 2/12/01 Vulnerability: roads-search-view-files Platforms Affected: ROADS Risk Factor: Medium Attack Type: Network Based Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program X-Force URL: http://xforce.iss.net/static/6097.php _____ Date Reported: 2/12/01 Vulnerability: webpage-cgi-view-info Platforms Affected: WebPage.cgi Risk Factor: Low Attack Type: Network Based Brief Description: WebPage.cgi allows attackers to view sensitive information X-Force URL: http://xforce.iss.net/static/6100.php _____ Date Reported: 2/12/01 Vulnerability: webspirs-cgi-view-files Platforms Affected: WebSPIRS Risk Factor: Medium Attack Type: Network Based Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files X-Force URL: http://xforce.iss.net/static/6101.php _____ Date Reported: 2/12/01 Vulnerability: webpals-library-cgi-url Platforms Affected: WebPALS Risk Factor: Medium Attack Type: Network Based Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands X-Force URL: http://xforce.iss.net/static/6102.php _____ Date Reported: 2/11/01 Vulnerability: cobol-apptrack-nolicense-permissions Platforms Affected: MicroFocus Cobol Risk Factor: High Attack Type: Host Based Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions X-Force URL: http://xforce.iss.net/static/6092.php _____ Date Reported: 2/11/01 Vulnerability: cobol-apptrack-nolicense-symlink Platforms Affected: MicroFocus Cobol Risk Factor: High Attack Type: Host Based Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense X-Force URL: http://xforce.iss.net/static/6094.php _____ Date Reported: 2/10/01 Vulnerability: vixie-crontab-bo Platforms Affected: Vixie crontab Risk Factor: Medium Attack Type: Host Based Brief Description: Vixie crontab buffer overflow X-Force URL: http://xforce.iss.net/static/6098.php _____ Date Reported: 2/10/01 Vulnerability: novell-groupwise-bypass-policies Platforms Affected: Novell GroupWise Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Novell Groupwise allows user to bypass policies and view files X-Force URL: http://xforce.iss.net/static/6089.php _____ Date Reported: 2/9/01 Vulnerability: infobot-calc-gain-access Platforms Affected: Infobot Risk Factor: High Attack Type: Network Based Brief Description: Infobot 'calc' command allows remote users to gain access X-Force URL: http://xforce.iss.net/static/6078.php _____ Date Reported: 2/8/01 Vulnerability: linux-sysctl-read-memory Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux kernel sysctl() read memory X-Force URL: http://xforce.iss.net/static/6079.php _____ Date Reported: 2/8/01 Vulnerability: openssh-bypass-authentication Platforms Affected: OpenSSH Risk Factor: High Attack Type: Network/Host Based Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication X-Force URL: http://xforce.iss.net/static/6084.php _____ Date Reported: 2/8/01 Vulnerability: lotus-notes-stored-forms Platforms Affected: Lotus Notes Risk Factor: High Attack Type: Network/Host Based Brief Description: Lotus Notes stored forms X-Force URL: http://xforce.iss.net/static/6087.php _____ Date Reported: 2/8/01 Vulnerability: linux-ptrace-modify-process Platforms Affected: Linux Risk Factor: High Attack Type: Host Based Brief Description: Linux kernel ptrace modify process X-Force URL: http://xforce.iss.net/static/6080.php _____ Date Reported: 2/8/01 Vulnerability: ssh-deattack-overwrite-memory Platforms Affected: SSH Risk Factor: High Attack Type: Network/Host Based Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten X-Force URL: http://xforce.iss.net/static/6083.php _____ Date Reported: 2/7/01 Vulnerability: dc20ctrl-port-bo Platforms Affected: FreeBSD Risk Factor: Medium Attack Type: Host Based Brief Description: FreeBSD dc20ctrl port buffer overflow X-Force URL: http://xforce.iss.net/static/6077.php _____ Date Reported: 2/7/01 Vulnerability: ja-xklock-bo Platforms Affected: FreeBSD Risk Factor: High Attack Type: Host Based Brief Description: ja-xklock buffer overflow X-Force URL: http://xforce.iss.net/static/6073.php _____ Date Reported: 2/7/01 Vulnerability: ja-elvis-elvrec-bo Platforms Affected: FreeBSD Risk Factor: High Attack Type: Host Based Brief Description: FreeBSD ja-elvis port buffer overflow X-Force URL: http://xforce.iss.net/static/6074.php _____ Date Reported: 2/7/01 Vulnerability: ko-helvis-elvrec-bo Platforms Affected: FreeBSD Risk Factor: High Attack Type: Host Based Brief Description: FreeBSD ko-helvis port buffer overflow X-Force URL: http://xforce.iss.net/static/6075.php _____ Date Reported: 2/7/01 Vulnerability: serverworx-directory-traversal Platforms Affected: ServerWorx Risk Factor: Medium Attack Type: Network Based Brief Description: ServerWorx directory traversal X-Force URL: http://xforce.iss.net/static/6081.php _____ Date Reported: 2/7/01 Vulnerability: ntlm-ssp-elevate-privileges Platforms Affected: NTLM Risk Factor: High Attack Type: Host Based Brief Description: NTLM Security Support Provider could allow elevation of privileges X-Force URL: http://xforce.iss.net/static/6076.php _____ Date Reported: 2/7/01 Vulnerability: ssh-session-key-recovery Platforms Affected: SSH Risk Factor: High Attack Type: Network/Host Based Brief Description: SSH protocol 1.5 session key recovery X-Force URL: http://xforce.iss.net/static/6082.php _____ Date Reported: 2/6/01 Vulnerability: aolserver-directory-traversal Platforms Affected: AOLserver Risk Factor: Medium Attack Type: Network Based Brief Description: AOLserver directory traversal X-Force URL: http://xforce.iss.net/static/6069.php _____ Date Reported: 2/6/01 Vulnerability: chilisoft-asp-elevate-privileges Platforms Affected: Chili!Soft Risk Factor: High Attack Type: Network/Host Based Brief Description: Chili!Soft ASP could allow elevated privileges X-Force URL: http://xforce.iss.net/static/6072.php _____ Date Reported: 2/6/01 Vulnerability: win-udp-dos Platforms Affected: Windows Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Windows UDP socket denial of service X-Force URL: http://xforce.iss.net/static/6070.php _____ Date Reported: 2/5/01 Vulnerability: ssh-daemon-failed-login Platforms Affected: SSH Risk Factor: High Attack Type: Network/Host Based Brief Description: SSH daemon failed login attempts are not logged X-Force URL: http://xforce.iss.net/static/6071.php _____ Date Reported: 2/5/01 Vulnerability: picserver-directory-traversal Platforms Affected: PicServer Risk Factor: Medium Attack Type: Network Based Brief Description: PicServer directory traversal X-Force URL: http://xforce.iss.net/static/6065.php _____ Date Reported: 2/5/01 Vulnerability: biblioweb-directory-traversal Platforms Affected: BiblioWeb Risk Factor: Medium Attack Type: Network Based Brief Description: BiblioWeb Server directory traversal X-Force URL: http://xforce.iss.net/static/6066.php _____ Date Reported: 2/5/01 Vulnerability: biblioweb-get-dos Platforms Affected: BiblioWeb Risk Factor: Low Attack Type: Network Based Brief Description: BiblioWeb Server GET request denial of service X-Force URL: http://xforce.iss.net/static/6068.php _____ Date Reported: 2/5/01 Vulnerability: ibm-netcommerce-reveal-information Platforms Affected: IBM Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM Net.Commerce could reveal sensitive information X-Force URL: http://xforce.iss.net/static/6067.php _____ Date Reported: 2/5/01 Vulnerability: win-dde-elevate-privileges Platforms Affected: Windows DDE Risk Factor: High Attack Type: Host Based Brief Description: Windows DDE can allow the elevation of privileges X-Force URL: http://xforce.iss.net/static/6062.php _____ Date Reported: 2/4/01 Vulnerability: hsweb-directory-browsing Platforms Affected: HSWeb Risk Factor: Low Attack Type: Network Based Brief Description: HSWeb Web Server allows attacker to browse directories X-Force URL: http://xforce.iss.net/static/6061.php _____ Date Reported: 2/4/01 Vulnerability: sedum-directory-traversal Platforms Affected: SEDUM Risk Factor: Medium Attack Type: Network Based Brief Description: SEDUM HTTP Server directory traversal X-Force URL: http://xforce.iss.net/static/6063.php _____ Date Reported: 2/4/01 Vulnerability: free-java-directory-traversal Platforms Affected: Free Java Risk Factor: Medium Attack Type: Network Based Brief Description: Free Java Web Server directory traversal X-Force URL: http://xforce.iss.net/static/6064.php _____ Date Reported: 2/2/01 Vulnerability: goahead-directory-traversal Platforms Affected: GoAhead Risk Factor: High Attack Type: Network Based Brief Description: GoAhead Web Server directory traversal X-Force URL: http://xforce.iss.net/static/6046.php _____ Date Reported: 2/2/01 Vulnerability: gnuserv-tcp-cookie-overflow Platforms Affected: Gnuserv Risk Factor: High Attack Type: Network/Host Based Brief Description: Gnuserv TCP enabled cookie buffer overflow X-Force URL: http://xforce.iss.net/static/6056.php _____ Date Reported: 2/2/01 Vulnerability: xmail-ctrlserver-bo Platforms Affected: Xmail CTRLServer Risk Factor: High Attack Type: Network Based Brief Description: XMail CTRLServer buffer overflow X-Force URL: http://xforce.iss.net/static/6060.php _____ Date Reported: 2/2/01 Vulnerability: netscape-webpublisher-acl-permissions Platforms Affected: Netscape Web Publisher Risk Factor: Medium Attack Type: Network Based Brief Description: Netcape Web Publisher poor ACL permissions X-Force URL: http://xforce.iss.net/static/6058.php _____ Date Reported: 2/1/01 Vulnerability: cups-httpgets-dos Platforms Affected: CUPS Risk Factor: High Attack Type: Host Based Brief Description: CUPS httpGets() function denial of service X-Force URL: http://xforce.iss.net/static/6043.php _____ Date Reported: 2/1/01 Vulnerability: prospero-get-pin Platforms Affected: Prospero Risk Factor: High Attack Type: Network/Host Based Brief Description: Prospero GET request reveals PIN information X-Force URL: http://xforce.iss.net/static/6044.php _____ Date Reported: 2/1/01 Vulnerability: prospero-weak-permissions Platforms Affected: Prospero Risk Factor: High Attack Type: Network/Host Based Brief Description: Prospero uses weak permissions X-Force URL: http://xforce.iss.net/static/6045.php _____ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. ________ ISS is a leading global provider of security management solutions for e-business. By offering best-of-breed SAFEsuite(tm) security software, comprehensive ePatrol(tm) monitoring services and industry-leading expertise, ISS serves as its customers' trusted security provider protecting digital assets and ensuring the availability, confidentiality and integrity of computer systems and information critical to e-business success. ISS' security management solutions protect more than 5,000 customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10 largest telecommunications companies and over 35 government agencies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe and Latin America. For more information, visit the ISS Web site at www.iss.net or call 800-776-2362. Copyright (c) 2001 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV 1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B tT+ylKw4hn4= =kfHg -----END PGP SIGNATURE-----

Trust: 7.02

sources: NVD: CVE-2001-0144 // CERT/CC: VU#290140 // CERT/CC: VU#13877 // CERT/CC: VU#25309 // CERT/CC: VU#945216 // CERT/CC: VU#566640 // CERT/CC: VU#651994 // CERT/CC: VU#315308 // BID: 2347 // BID: 5114 // BID: 2405 // VULHUB: VH-CVE-2001-0144 // VULMON: CVE-2001-0144 // PACKETSTORM: 24431

AFFECTED PRODUCTS

vendor:ssh securitymodel: - scope: - version: -

Trust: 3.2

vendor:ciscomodel:catalyst csxscope:eqversion:60005.3

Trust: 2.4

vendor:sshmodel:sshscope:eqversion:1.2.24

Trust: 1.7

vendor:sshmodel:sshscope:eqversion:1.2.25

Trust: 1.7

vendor:sshmodel:sshscope:eqversion:1.2.26

Trust: 1.7

vendor:sshmodel:sshscope:eqversion:1.2.27

Trust: 1.7

vendor:sshmodel:sshscope:eqversion:1.2.28

Trust: 1.7

vendor:sshmodel:sshscope:eqversion:1.2.29

Trust: 1.7

vendor:sshmodel:sshscope:eqversion:1.2.30

Trust: 1.7

vendor:sshmodel:sshscope:eqversion:1.2.31

Trust: 1.7

vendor:ciscomodel: - scope: - version: -

Trust: 1.6

vendor:opensshmodel: - scope: - version: -

Trust: 1.6

vendor:ciscomodel:ios 12.1 exscope: - version: -

Trust: 1.2

vendor:openbsdmodel:opensshscope:eqversion:1.2.2

Trust: 1.1

vendor:openbsdmodel:opensshscope:eqversion:1.2.3

Trust: 1.1

vendor:openbsdmodel:opensshscope:eqversion:2.1

Trust: 1.1

vendor:openbsdmodel:opensshscope:eqversion:2.1.1

Trust: 1.1

vendor:openbsdmodel:opensshscope:eqversion:2.2

Trust: 1.1

vendor:ciscomodel:catalystscope:eqversion:60006.1

Trust: 0.9

vendor:ciscomodel:catalystscope:eqversion:60005.5

Trust: 0.9

vendor:core sdimodel: - scope: - version: -

Trust: 0.8

vendor:debianmodel: - scope: - version: -

Trust: 0.8

vendor:freebsdmodel: - scope: - version: -

Trust: 0.8

vendor:smoothwallmodel: - scope: - version: -

Trust: 0.8

vendor:susemodel: - scope: - version: -

Trust: 0.8

vendor:holger lammmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:ios 12.2xqscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.2xhscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.2xescope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.2xdscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.2xascope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.2tscope: - version: -

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2

Trust: 0.6

vendor:ciscomodel:ios 12.1yfscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1ydscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1ycscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1ybscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xuscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xtscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xqscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xpscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xmscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xlscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xjscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xiscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xhscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xgscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xfscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xcscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1xbscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1tscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1ecscope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.1escope: - version: -

Trust: 0.6

vendor:ciscomodel:ios 12.0sscope: - version: -

Trust: 0.6

vendor:ciscomodel:catalystscope:eqversion:60006.2(0.110)

Trust: 0.6

vendor:sshmodel:communications security sshscope:eqversion:1.2.31

Trust: 0.3

vendor:sshmodel:communications security sshscope:eqversion:1.2.30

Trust: 0.3

vendor:sshmodel:communications security sshscope:eqversion:1.2.29

Trust: 0.3

vendor:sshmodel:communications security sshscope:eqversion:1.2.28

Trust: 0.3

vendor:sshmodel:communications security sshscope:eqversion:1.2.27

Trust: 0.3

vendor:sshmodel:communications security sshscope:eqversion:1.2.26

Trust: 0.3

vendor:sshmodel:communications security sshscope:eqversion:1.2.25

Trust: 0.3

vendor:sshmodel:communications security sshscope:eqversion:1.2.24

Trust: 0.3

vendor:securemodel:computing safeword agent for sshscope:eqversion:1.0

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:2.2

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:2.1.1

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:2.1

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:1.2.3

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:1.2.2

Trust: 0.3

vendor:netscreenmodel:screenos r2scope:eqversion:3.1.1

Trust: 0.3

vendor:netscreenmodel:screenos r9scope:eqversion:3.1

Trust: 0.3

vendor:netscreenmodel:screenos r2scope:eqversion:3.1

Trust: 0.3

vendor:netscreenmodel:screenos r1scope:eqversion:3.1

Trust: 0.3

vendor:netscreenmodel:screenos r1.1scope:eqversion:3.0.3

Trust: 0.3

vendor:netscreenmodel:screenos r2scope:eqversion:3.0.1

Trust: 0.3

vendor:netscreenmodel:screenos r5scope:eqversion:2.6.1

Trust: 0.3

vendor:netscreenmodel:screenos r4scope:eqversion:2.6.1

Trust: 0.3

vendor:netscreenmodel:screenos r3scope:eqversion:2.6.1

Trust: 0.3

vendor:netscreenmodel:screenos r2scope:eqversion:2.6.1

Trust: 0.3

vendor:netscreenmodel:screenos r1scope:eqversion:2.6.1

Trust: 0.3

vendor:netscreenmodel:screenosscope:eqversion:2.6.1

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:5.3(1)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:5.2(5)

Trust: 0.3

vendor:ciscomodel:ios 12.1yascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xyscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.1xv

Trust: 0.3

vendor:ciscomodel:ios 12.1xsscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xrscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xkscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1ezscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1eyscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1exscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1dcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1dbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.10sscope: - version: -

Trust: 0.3

vendor:sshmodel:communications security ssh2scope:neversion:2.4

Trust: 0.3

vendor:sshmodel:communications security ssh2scope:neversion:2.3

Trust: 0.3

vendor:sshmodel:communications security ssh2scope:neversion:2.2

Trust: 0.3

vendor:sshmodel:communications security ssh2scope:neversion:2.1

Trust: 0.3

vendor:sshmodel:communications security ssh2scope:neversion:2.0

Trust: 0.3

vendor:opensshmodel:opensshscope:neversion:2.3

Trust: 0.3

vendor:ciscomodel:webns b11sscope:neversion:5.0

Trust: 0.3

vendor:ciscomodel:webns 1b6sscope:neversion:5.0

Trust: 0.3

vendor:ciscomodel:webns 0b22sscope:neversion:4.1

Trust: 0.3

vendor:ciscomodel:webns 1b42sscope:neversion:4.0

Trust: 0.3

vendor:ciscomodel:pix firewallscope:neversion:6.0(1)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:neversion:5.3(2)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:neversion:5.2(6)

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:12.2(3)

Trust: 0.3

vendor:ciscomodel:ios 12.2 tscope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 xascope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.2scope:neversion: -

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:12.2(1.1)

Trust: 0.3

vendor:ciscomodel:ios 12.2 xqscope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 xhscope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 xd1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 escope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 ec3scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 ez1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 eyscope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 yf2scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 yd2scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 yc1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 yb4scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 xy6scope:neversion: -

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:12.1(5)xv3

Trust: 0.3

vendor:ciscomodel:ios 12.1 xu1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 xr2scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 xg5scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 xm4scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 xt3scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 xp4scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.0 sscope:neversion: -

Trust: 0.3

vendor:ciscomodel:catalyst panscope:neversion:60006.3

Trust: 0.3

vendor:ciscomodel:catalystscope:neversion:60006.2(0.111)

Trust: 0.3

vendor:ciscomodel:catalystscope:neversion:60006.1(2.13)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.1

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:5.3

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:5.2

Trust: 0.3

vendor:ciscomodel:ios 12.2yhscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ygscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2yfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ydscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ycscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ybscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2yascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xwscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xtscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xsscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xrscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xnscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xmscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xlscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xkscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xjscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xiscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xgscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2xbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ddscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2dascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2bcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2bscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1yiscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.1yescope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0xv

Trust: 0.3

vendor:ciscomodel:ios 12.0xmscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0xbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0stscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0spscope: - version: -

Trust: 0.3

vendor:ciscomodel:css11000 content services switchscope: - version: -

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60007.1(2)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60007.1

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60006.3(4)

Trust: 0.3

vendor:ciscomodel:catalyst panscope:eqversion:60006.3

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60006.2(0.111)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60006.1(2.13)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60006.1(1)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.5(4)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.5(3)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.5(2)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.5(13)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.5(1)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.4.1

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.4(4)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.4(3)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.4(2)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.4(1)

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.4

Trust: 0.3

vendor:holgermodel:lamm pgp4pinescope:eqversion:1.75.6

Trust: 0.3

sources: CERT/CC: VU#290140 // CERT/CC: VU#13877 // CERT/CC: VU#25309 // CERT/CC: VU#945216 // CERT/CC: VU#566640 // CERT/CC: VU#315308 // VULMON: CVE-2001-0144 // BID: 2347 // BID: 5114 // BID: 2405 // CNNVD: CNNVD-200103-069 // NVD: CVE-2001-0144

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2001-0144
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#290140
value: 21.09

Trust: 0.8

CARNEGIE MELLON: VU#13877
value: 6.84

Trust: 0.8

CARNEGIE MELLON: VU#25309
value: 0.39

Trust: 0.8

CARNEGIE MELLON: VU#945216
value: 99.00

Trust: 0.8

CARNEGIE MELLON: VU#566640
value: 0.68

Trust: 0.8

CARNEGIE MELLON: VU#651994
value: 1.50

Trust: 0.8

CARNEGIE MELLON: VU#315308
value: 2.06

Trust: 0.8

CNNVD: CNNVD-200103-069
value: CRITICAL

Trust: 0.6

VUL-HUB: VH-CVE-2001-0144
value: HIGH RISK

Trust: 0.1

VULMON: CVE-2001-0144
value: HIGH

Trust: 0.1

VULMON: CVE-2001-0144
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VH-CVE-2001-0144
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#290140 // CERT/CC: VU#13877 // CERT/CC: VU#25309 // CERT/CC: VU#945216 // CERT/CC: VU#566640 // CERT/CC: VU#651994 // CERT/CC: VU#315308 // VULHUB: VH-CVE-2001-0144 // VULMON: CVE-2001-0144 // CNNVD: CNNVD-200103-069 // NVD: CVE-2001-0144

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0144

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 24431 // CNNVD: CNNVD-200103-069

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 5114 // BID: 2405

CONFIGURATIONS

sources: NVD: CVE-2001-0144

EXPLOIT AVAILABILITY

sources: VULHUB: VH-CVE-2001-0144 // VULMON: CVE-2001-0144

PATCH

title:LinuxFlawurl:https://github.com/mudongliang/linuxflaw

Trust: 0.1

title:cve-url:https://github.com/oneoy/cve-

Trust: 0.1

sources: VULMON: CVE-2001-0144

EXTERNAL IDS

db:CERT/CCid:VU#13877

Trust: 3.2

db:BIDid:2347

Trust: 2.8

db:CERT/CCid:VU#945216

Trust: 2.5

db:CERT/CCid:VU#25309

Trust: 2.4

db:NVDid:CVE-2001-0144

Trust: 1.8

db:OSVDBid:795

Trust: 1.7

db:OSVDBid:503

Trust: 1.7

db:XFid:6083

Trust: 1.5

db:BIDid:5114

Trust: 1.1

db:BIDid:2405

Trust: 1.1

db:XFid:6135

Trust: 0.9

db:XFid:6063

Trust: 0.9

db:CERT/CCid:VU#290140

Trust: 0.8

db:XFid:6449

Trust: 0.8

db:CERT/CCid:VU#566640

Trust: 0.8

db:BIDid:2335

Trust: 0.8

db:CERT/CCid:VU#651994

Trust: 0.8

db:XFid:6472

Trust: 0.8

db:CERT/CCid:VU#315308

Trust: 0.8

db:CNNVDid:CNNVD-200103-069

Trust: 0.7

db:BUGTRAQid:20010208 [CORE SDI ADVISORY] SSH1 CRC-32 COMPENSATION ATTACK DETECTOR

Trust: 0.6

db:BINDVIEWid:20010208 REMOTE VULNERABILITY IN SSH DAEMON CRC32 COMPENSATION ATTACK DETECTOR

Trust: 0.6

db:CERT/CCid:CA-2001-35

Trust: 0.6

db:CNNVDid:CNNVD-200709-025

Trust: 0.1

db:VULHUBid:VH-CVE-2001-0144

Trust: 0.1

db:EXPLOIT-DBid:349

Trust: 0.1

db:VULMONid:CVE-2001-0144

Trust: 0.1

db:XFid:6115

Trust: 0.1

db:XFid:6075

Trust: 0.1

db:XFid:6149

Trust: 0.1

db:XFid:6145

Trust: 0.1

db:XFid:6136

Trust: 0.1

db:XFid:6065

Trust: 0.1

db:XFid:6157

Trust: 0.1

db:XFid:6058

Trust: 0.1

db:XFid:6161

Trust: 0.1

db:XFid:6109

Trust: 0.1

db:XFid:6121

Trust: 0.1

db:XFid:6062

Trust: 0.1

db:XFid:6137

Trust: 0.1

db:XFid:6101

Trust: 0.1

db:XFid:6089

Trust: 0.1

db:XFid:6072

Trust: 0.1

db:XFid:6143

Trust: 0.1

db:XFid:6084

Trust: 0.1

db:XFid:6100

Trust: 0.1

db:XFid:6080

Trust: 0.1

db:XFid:6071

Trust: 0.1

db:XFid:6073

Trust: 0.1

db:XFid:6116

Trust: 0.1

db:XFid:6144

Trust: 0.1

db:XFid:6104

Trust: 0.1

db:XFid:6094

Trust: 0.1

db:XFid:6087

Trust: 0.1

db:XFid:6090

Trust: 0.1

db:XFid:6046

Trust: 0.1

db:XFid:6056

Trust: 0.1

db:XFid:6060

Trust: 0.1

db:XFid:6130

Trust: 0.1

db:XFid:6092

Trust: 0.1

db:XFid:6118

Trust: 0.1

db:XFid:6117

Trust: 0.1

db:XFid:6098

Trust: 0.1

db:XFid:6156

Trust: 0.1

db:XFid:6113

Trust: 0.1

db:XFid:6067

Trust: 0.1

db:XFid:6064

Trust: 0.1

db:XFid:6045

Trust: 0.1

db:XFid:6147

Trust: 0.1

db:XFid:6095

Trust: 0.1

db:XFid:6131

Trust: 0.1

db:XFid:6114

Trust: 0.1

db:XFid:6134

Trust: 0.1

db:XFid:6074

Trust: 0.1

db:XFid:6044

Trust: 0.1

db:XFid:6112

Trust: 0.1

db:XFid:6077

Trust: 0.1

db:XFid:6148

Trust: 0.1

db:XFid:6146

Trust: 0.1

db:XFid:6078

Trust: 0.1

db:XFid:6110

Trust: 0.1

db:XFid:6132

Trust: 0.1

db:XFid:6099

Trust: 0.1

db:XFid:6079

Trust: 0.1

db:XFid:6102

Trust: 0.1

db:XFid:6096

Trust: 0.1

db:XFid:6142

Trust: 0.1

db:XFid:6091

Trust: 0.1

db:XFid:6158

Trust: 0.1

db:XFid:6162

Trust: 0.1

db:XFid:6163

Trust: 0.1

db:XFid:6155

Trust: 0.1

db:XFid:6081

Trust: 0.1

db:XFid:6160

Trust: 0.1

db:XFid:6111

Trust: 0.1

db:XFid:6152

Trust: 0.1

db:XFid:6068

Trust: 0.1

db:XFid:6043

Trust: 0.1

db:XFid:6076

Trust: 0.1

db:XFid:6103

Trust: 0.1

db:XFid:6070

Trust: 0.1

db:XFid:6133

Trust: 0.1

db:XFid:6153

Trust: 0.1

db:XFid:6082

Trust: 0.1

db:XFid:6124

Trust: 0.1

db:XFid:6061

Trust: 0.1

db:XFid:6066

Trust: 0.1

db:XFid:6097

Trust: 0.1

db:XFid:6105

Trust: 0.1

db:XFid:6159

Trust: 0.1

db:XFid:6069

Trust: 0.1

db:XFid:6093

Trust: 0.1

db:XFid:6139

Trust: 0.1

db:XFid:6151

Trust: 0.1

db:PACKETSTORMid:24431

Trust: 0.1

sources: CERT/CC: VU#290140 // CERT/CC: VU#13877 // CERT/CC: VU#25309 // CERT/CC: VU#945216 // CERT/CC: VU#566640 // CERT/CC: VU#651994 // CERT/CC: VU#315308 // VULHUB: VH-CVE-2001-0144 // VULMON: CVE-2001-0144 // BID: 2347 // BID: 5114 // BID: 2405 // PACKETSTORM: 24431 // CNNVD: CNNVD-200103-069 // NVD: CVE-2001-0144

REFERENCES

url:http://www.cert.org/advisories/ca-2001-35.html

Trust: 3.3

url:http://razor.bindview.com/publish/advisories/adv_ssh1crc.html

Trust: 2.5

url:http://www.securityfocus.com/bid/2347

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/13877

Trust: 2.4

url:http://www.ssh.com/products/ssh/cert/

Trust: 2.4

url:http://www.kb.cert.org/vuls/id/945216

Trust: 1.7

url:http://www.osvdb.org/503

Trust: 1.7

url:http://www.osvdb.org/795

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/25309

Trust: 1.6

url:http://xforce.iss.net/static/6083.php

Trust: 1.5

url:http://www.cisco.com/warp/public/707/ssh-scanning.shtml

Trust: 1.1

url:http://www.cisco.com/warp/public/707/ssh-multiple-pub.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=98168366406903&w=2

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6083

Trust: 1.1

url:http://xforce.iss.net/static/6135.php

Trust: 0.9

url:http://xforce.iss.net/static/6063.php

Trust: 0.9

url:http://www.securityfocus.com/bid/5114

Trust: 0.8

url:http://www.corest.com/files/files/11/crc32.pdf

Trust: 0.8

url:http://www1.corest.com/common/showdoc.php?idx=131&idxseccion=10

Trust: 0.8

url:http://xforce.iss.net/static/6449.php

Trust: 0.8

url:http://www1.corest.com/common/showdoc.php?idx=81&idxsection=10#

Trust: 0.8

url:http://www.openssh.com/security.html

Trust: 0.8

url:http://www.ssh.com/products/ssh/advisories/ssh1_crc-32.cfm

Trust: 0.8

url:http://xforce.iss.net/alerts/advise100.php

Trust: 0.8

url:http://www.cryptnet.net/fcp/audit/pgp4pine/01.html

Trust: 0.8

url:http://www.securityfocus.com/bid/2405

Trust: 0.8

url:http://devrandom.net/lists/archives/2001/2/bugtraq/0383.html

Trust: 0.8

url:http://security-archive.merton.ox.ac.uk/bugtraq-200102/0389.html

Trust: 0.8

url:http://pgp4pine.flatline.de/

Trust: 0.8

url:http://www.securityfocus.com/bid/2335

Trust: 0.8

url:http://www.securityfocus.com/archive/1/160452

Trust: 0.8

url:http://xforce.iss.net/static/6472.php

Trust: 0.8

url:http://marc.theaimsgroup.com/?l=bugtraq&m=98168366406903&w=2

Trust: 0.6

url:http://www.netscreen.com/index.html

Trust: 0.3

url:http://www.netscreen.com/support/alerts/11_06_02.html

Trust: 0.3

url:http://support.coresecurity.com/impact/exploits/56f46f9564b53fc1bca5bef469b60df7.html

Trust: 0.3

url:/archive/1/298289

Trust: 0.3

url:/archive/1/298274

Trust: 0.3

url:/archive/1/298288

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/cisco-ssh-scanning-dos

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/349/

Trust: 0.1

url:http://xforce.iss.net/static/6144.php

Trust: 0.1

url:http://xforce.iss.net/static/6091.php

Trust: 0.1

url:http://xforce.iss.net/static/6149.php

Trust: 0.1

url:http://xforce.iss.net/static/6156.php

Trust: 0.1

url:http://xforce.iss.net/static/6153.php

Trust: 0.1

url:http://xforce.iss.net/static/6060.php

Trust: 0.1

url:http://xforce.iss.net/static/6078.php

Trust: 0.1

url:http://xforce.iss.net/static/6098.php

Trust: 0.1

url:https://www.iss.net

Trust: 0.1

url:http://xforce.iss.net/static/6103.php

Trust: 0.1

url:http://xforce.iss.net/static/6130.php

Trust: 0.1

url:http://xforce.iss.net/static/6109.php

Trust: 0.1

url:http://xforce.iss.net/static/6073.php

Trust: 0.1

url:http://xforce.iss.net/static/6061.php

Trust: 0.1

url:http://xforce.iss.net/static/6064.php

Trust: 0.1

url:http://xforce.iss.net/static/6043.php

Trust: 0.1

url:http://xforce.iss.net/static/6069.php

Trust: 0.1

url:http://xforce.iss.net/static/6114.php

Trust: 0.1

url:http://xforce.iss.net/static/6097.php

Trust: 0.1

url:http://xforce.iss.net/static/6145.php

Trust: 0.1

url:http://xforce.iss.net/static/6099.php

Trust: 0.1

url:http://xforce.iss.net/static/6151.php

Trust: 0.1

url:http://xforce.iss.net/static/6132.php

Trust: 0.1

url:http://xforce.iss.net/static/6148.php

Trust: 0.1

url:http://xforce.iss.net/static/6070.php

Trust: 0.1

url:http://xforce.iss.net/static/6118.php

Trust: 0.1

url:http://xforce.iss.net/static/6115.php

Trust: 0.1

url:http://xforce.iss.net/static/6062.php

Trust: 0.1

url:http://xforce.iss.net/static/6092.php

Trust: 0.1

url:http://xforce.iss.net/static/6105.php

Trust: 0.1

url:http://xforce.iss.net/static/6046.php

Trust: 0.1

url:http://xforce.iss.net/static/6157.php

Trust: 0.1

url:http://xforce.iss.net/static/6076.php

Trust: 0.1

url:http://xforce.iss.net/static/6111.php

Trust: 0.1

url:http://xforce.iss.net/static/6143.php

Trust: 0.1

url:http://xforce.iss.net/static/6045.php

Trust: 0.1

url:http://xforce.iss.net/static/6104.php

Trust: 0.1

url:http://xforce.iss.net/static/6124.php

Trust: 0.1

url:http://xforce.iss.net/static/6082.php

Trust: 0.1

url:http://xforce.iss.net/static/6116.php

Trust: 0.1

url:http://xforce.iss.net/static/6077.php

Trust: 0.1

url:http://xforce.iss.net/static/6152.php

Trust: 0.1

url:http://xforce.iss.net/static/6079.php

Trust: 0.1

url:http://xforce.iss.net/static/6084.php

Trust: 0.1

url:http://xforce.iss.net/static/6133.php

Trust: 0.1

url:http://xforce.iss.net/static/6160.php

Trust: 0.1

url:http://xforce.iss.net/static/6080.php

Trust: 0.1

url:http://xforce.iss.net/static/6044.php

Trust: 0.1

url:http://xforce.iss.net/

Trust: 0.1

url:http://xforce.iss.net/static/6089.php

Trust: 0.1

url:http://xforce.iss.net/static/6162.php

Trust: 0.1

url:http://xforce.iss.net/static/6137.php

Trust: 0.1

url:http://xforce.iss.net/static/6112.php

Trust: 0.1

url:http://xforce.iss.net/static/6147.php

Trust: 0.1

url:http://xforce.iss.net/static/6090.php

Trust: 0.1

url:http://xforce.iss.net/static/6117.php

Trust: 0.1

url:http://xforce.iss.net/static/6094.php

Trust: 0.1

url:http://xforce.iss.net/static/6056.php

Trust: 0.1

url:http://xforce.iss.net/static/6110.php

Trust: 0.1

url:http://xforce.iss.net/alerts/vol-6_num-4.php

Trust: 0.1

url:http://xforce.iss.net/static/6074.php

Trust: 0.1

url:http://xforce.iss.net/static/6155.php

Trust: 0.1

url:http://xforce.iss.net/static/6058.php

Trust: 0.1

url:http://xforce.iss.net/static/6102.php

Trust: 0.1

url:http://xforce.iss.net/static/6121.php

Trust: 0.1

url:http://xforce.iss.net/static/6139.php

Trust: 0.1

url:http://xforce.iss.net/static/6146.php

Trust: 0.1

url:http://xforce.iss.net/static/6081.php

Trust: 0.1

url:http://xforce.iss.net/static/6095.php

Trust: 0.1

url:http://xforce.iss.net/static/6071.php

Trust: 0.1

url:http://xforce.iss.net/static/6159.php

Trust: 0.1

url:http://xforce.iss.net/static/6134.php

Trust: 0.1

url:http://xforce.iss.net/static/6100.php

Trust: 0.1

url:http://xforce.iss.net/maillists/index.php

Trust: 0.1

url:http://xforce.iss.net/static/6101.php

Trust: 0.1

url:http://xforce.iss.net/static/6096.php

Trust: 0.1

url:http://xforce.iss.net/static/6066.php

Trust: 0.1

url:http://xforce.iss.net/static/6113.php

Trust: 0.1

url:http://xforce.iss.net/static/6093.php

Trust: 0.1

url:http://xforce.iss.net/static/6065.php

Trust: 0.1

url:http://xforce.iss.net/static/6087.php

Trust: 0.1

url:http://xforce.iss.net/static/6068.php

Trust: 0.1

url:http://xforce.iss.net/sensitive.php

Trust: 0.1

url:http://xforce.iss.net/static/6072.php

Trust: 0.1

url:http://xforce.iss.net/static/6158.php

Trust: 0.1

url:http://xforce.iss.net/static/6142.php

Trust: 0.1

url:http://xforce.iss.net/static/6067.php

Trust: 0.1

url:http://xforce.iss.net/static/6161.php

Trust: 0.1

url:http://xforce.iss.net/static/6136.php

Trust: 0.1

url:http://xforce.iss.net/static/6075.php

Trust: 0.1

url:http://xforce.iss.net/static/6131.php

Trust: 0.1

url:http://xforce.iss.net/static/6163.php

Trust: 0.1

sources: CERT/CC: VU#290140 // CERT/CC: VU#13877 // CERT/CC: VU#25309 // CERT/CC: VU#945216 // CERT/CC: VU#566640 // CERT/CC: VU#651994 // CERT/CC: VU#315308 // VULMON: CVE-2001-0144 // BID: 2347 // BID: 5114 // PACKETSTORM: 24431 // CNNVD: CNNVD-200103-069 // NVD: CVE-2001-0144

CREDITS

Michal Zalewski※ lcamtuf@echelon.pl

Trust: 0.6

sources: CNNVD: CNNVD-200103-069

SOURCES

db:CERT/CCid:VU#290140
db:CERT/CCid:VU#13877
db:CERT/CCid:VU#25309
db:CERT/CCid:VU#945216
db:CERT/CCid:VU#566640
db:CERT/CCid:VU#651994
db:CERT/CCid:VU#315308
db:VULHUBid:VH-CVE-2001-0144
db:VULMONid:CVE-2001-0144
db:BIDid:2347
db:BIDid:5114
db:BIDid:2405
db:PACKETSTORMid:24431
db:CNNVDid:CNNVD-200103-069
db:NVDid:CVE-2001-0144

LAST UPDATE DATE

2022-05-06T10:37:41.899000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#290140date:2002-12-12T00:00:00
db:CERT/CCid:VU#13877date:2003-05-20T00:00:00
db:CERT/CCid:VU#25309date:2002-03-05T00:00:00
db:CERT/CCid:VU#945216date:2003-05-20T00:00:00
db:CERT/CCid:VU#566640date:2002-01-15T00:00:00
db:CERT/CCid:VU#651994date:2001-06-26T00:00:00
db:CERT/CCid:VU#315308date:2002-03-05T00:00:00
db:VULHUBid:VH-CVE-2001-0144date:2018-05-03T00:00:00
db:VULMONid:CVE-2001-0144date:2018-05-03T00:00:00
db:BIDid:2347date:2001-02-08T00:00:00
db:BIDid:5114date:2002-06-27T00:00:00
db:BIDid:2405date:2001-02-20T00:00:00
db:CNNVDid:CNNVD-200103-069date:2006-09-05T00:00:00
db:NVDid:CVE-2001-0144date:2018-05-03T01:29:00

SOURCES RELEASE DATE

db:CERT/CCid:VU#290140date:2002-06-27T00:00:00
db:CERT/CCid:VU#13877date:2001-11-07T00:00:00
db:CERT/CCid:VU#25309date:2000-09-26T00:00:00
db:CERT/CCid:VU#945216date:2001-10-24T00:00:00
db:CERT/CCid:VU#566640date:2001-07-12T00:00:00
db:CERT/CCid:VU#651994date:2001-05-16T00:00:00
db:CERT/CCid:VU#315308date:2001-01-18T00:00:00
db:VULHUBid:VH-CVE-2001-0144date:2001-03-12T00:00:00
db:VULMONid:CVE-2001-0144date:2001-03-12T00:00:00
db:BIDid:2347date:2001-02-08T00:00:00
db:BIDid:5114date:2002-06-27T00:00:00
db:BIDid:2405date:2001-02-20T00:00:00
db:PACKETSTORMid:24431date:2001-03-13T23:54:42
db:CNNVDid:CNNVD-200103-069date:2001-02-08T00:00:00
db:NVDid:CVE-2001-0144date:2001-03-12T05:00:00