SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Secure_shell_for_servers | Ssh | 3.0 (including) | 3.0 (including) |
| Secure_shell_for_servers | Ssh | 3.0.1 (including) | 3.0.1 (including) |
| Secure_shell_for_servers | Ssh | 3.1 (including) | 3.1 (including) |
| Secure_shell_for_servers | Ssh | 3.1.1 (including) | 3.1.1 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html
- http://www.ciac.org/ciac/bulletins/m-081.shtml
- http://www.kb.cert.org/vuls/id/341187
- http://www.securityfocus.com/bid/4810
- http://www.ssh.com/company/newsroom/article/201/
- http://www.ssh.com/products/ssh/advisories/authentication.cfm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9163
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html
- http://www.ciac.org/ciac/bulletins/m-081.shtml
- http://www.kb.cert.org/vuls/id/341187
- http://www.securityfocus.com/bid/4810
- http://www.ssh.com/company/newsroom/article/201/
- http://www.ssh.com/products/ssh/advisories/authentication.cfm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9163