CVE-2001-1380

Current Description

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

Basic Data

Published: October 18, 2001
Last Modified: May 03, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOpenbsdOpenssh********2.9.9

Vulnerable Software List

Vendor | Product | Versions
Openbsd | Openssh | *

References

Name | Source | URL | Tags
CLSA-2001:431 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431 |
IMNX-2001-70-034-01 | IMMUNIX | http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01 |
20010926 OpenSSH Security Advisory (adv.option) | BUGTRAQ | http://marc.info/?l=bugtraq&m=100154541809940&w=2 |
RHSA-2001:114 | REDHAT | http://rhn.redhat.com/errata/RHSA-2001-114.html | Patch, Vendor Advisory
M-010 | CIAC | http://www.ciac.org/ciac/bulletins/m-010.shtml |
VU#905795 | CERT-VN | http://www.kb.cert.org/vuls/id/905795 | US Government Resource
MDKSA-2001:081 | MANDRAKE | http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php |
642 | OSVDB | http://www.osvdb.org/642 |
3369 | BID | http://www.securityfocus.com/bid/3369 |
openssh-access-control-bypass(7179) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/7179 |