CVE-2004-2760

Current Description

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.

Basic Data

PublishedDecember 31, 2004
Last ModifiedJanuary 29, 2009
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-16
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOpenbsdOpenssh3.5*******
    2.3ApplicationOpenbsdOpenssh3.5p1*******

Vulnerable Software List

VendorProductVersions
Openbsd Openssh 3.5, 3.5p1

References

NameSourceURLTags
20040412 BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.htmlBUGTRAQ
4100http://securityreason.com/securityalert/4100SREASON
20040413 Re: Fwd: [BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)]http://www.securityfocus.com/archive/1/360198BUGTRAQ