CVE-2001-0361

Description

Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.

References

Link	Tags
http://www.securityfocus.com/bid/2344	vdb entry patch vendor advisory
http://www.osvdb.org/2116	vdb entry
http://www.debian.org/security/2001/dsa-027	vendor advisory
http://www.debian.org/security/2001/dsa-023	vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6082	vdb entry
http://www.ciac.org/ciac/bulletins/l-047.shtml	third party advisory government resource
http://www.debian.org/security/2001/dsa-086	vendor advisory
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc	vendor advisory
http://marc.info/?l=bugtraq&m=98158450021686&w=2	mailing list
http://www.novell.com/linux/security/advisories/adv004_ssh.html	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2001-0361?: CVE-2001-0361 has been scored as a medium severity vulnerability.
How to fix CVE-2001-0361?: To fix CVE-2001-0361, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2001-0361 being actively exploited in the wild?: It is possible that CVE-2001-0361 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-310 – Cryptographic Issues

References

Frequently Asked Questions