Information Disclosure Vulnerability in Secure Shell of HP Tru64 UNIX
CVE-2007-2791

Currently unrated

Key Information:

Vendor: HP
Status: Tru64
Vendor: CVE Published:; 22 May 2007

Summary

An unspecified vulnerability in the Secure Shell (SSH) of HP Tru64 UNIX versions 5.1B-4 and 5.1B-3 may allow remote attackers to identify valid users. This vulnerability is likely linked to timing attacks and may involve factors such as AuthInteractiveFailureRandomTimeout. Exploiting this vulnerability could lead to unauthorized information disclosure, increasing the risk of further attacks on the affected systems.

References

http://www.vupen.com/english/advisories/2007/1851

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1018065

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/24036

third-party-advisoryx_refsource_SECUNIA

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 22, 2007
Vulnerability Reserved
May 21, 2007