Remote Decryption and Alteration Vulnerability in OpenSSH and Other SSH Products
CVE-2001-0361

Currently unrated

Key Information:

Vendor: OpenBSD
Status: Openssh; Ssh
Vendor: CVE Published:; 27 June 2001

What is CVE-2001-0361?

Certain configurations of SSH implementations, including OpenSSH up to version 2.3.0, AppGate, and ssh-1 up to version 1.2.31, are susceptible to a serious vulnerability. This flaw allows remote attackers to exploit a Bleichenbacher attack targeted at PKCS#1 version 1.5. Successfully executing this attack enables the attacker to decrypt sensitive traffic or manipulate data, posing significant security risks to communications that rely on this protocol for confidentiality and integrity.

References

http://www.securityfocus.com/bid/2344

vdb-entryx_refsource_BID

http://www.osvdb.org/2116

vdb-entryx_refsource_OSVDB

http://www.debian.org/security/2001/dsa-027

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2001
Vulnerability Reserved
May 24, 2001

OpenBSD

What is CVE-2001-0361?

References

Timeline