CVE-2001-0553

SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html	Exploit Patch Vendor Advisory
http://www.ssh.com/products/ssh/exploit.cfm
http://www.kb.cert.org/vuls/id/737451	US Government Resource
http://www.ciac.org/ciac/bulletins/l-121.shtml
http://www.securityfocus.com/bid/3078
http://www.osvdb.org/586
https://exchange.xforce.ibmcloud.com/vulnerabilities/6868

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:ssh:secure_shell:3.0.0:*:*:*:*:*:*:*

Information

Published : 2001-08-13 21:00

Updated : 2017-10-09 18:29

NVD link : CVE-2001-0553

Mitre link : CVE-2001-0553

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ssh

secure_shell

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html", "name": "20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.ssh.com/products/ssh/exploit.cfm", "name": "http://www.ssh.com/products/ssh/exploit.cfm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/737451", "name": "VU#737451", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.ciac.org/ciac/bulletins/l-121.shtml", "name": "L-121", "tags": [], "refsource": "CIAC"}, {"url": "http://www.securityfocus.com/bid/3078", "name": "3078", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/586", "name": "586", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6868", "name": "ssh-password-length-unauth-access(6868)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use \"NP\" in the password field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0553", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2001-08-14T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ssh:secure_shell:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:29Z"}