| Field | Value |
| --- | --- |
| VID | 14028 |
| Severity | 40 |
| Port | 22 |
| Protocol | TCP |
| Class | Ssh |
| Detailed Description | The SSH server, according to its version number, allows any user to log into accounts with short password fields. SSH (Secure Shell) is a client-server program for authentication and encryption of network communications. SSH version 3.0.0 on Unix platforms could allow a remote attacker to gain unauthorized access to accounts that have password lengths of less than 3 characters. Due to the nature of this problem, it may be possible to log in to a vulnerable system using one of the affected accounts with any password. The attacker may gain root privileges using this flaw. References: http://www.iss.net/security_center/static/6868.php, http://www.securityfocus.com/bid/3078 |
| Recommendation | Upgrade to the latest version of SSH (3.0.1 or later), as listed in the SSH Secure Shell 3.0.0 Security Advisory, "Secure Shell Potential Remote Root Exploit" at http://www.ssh.com/products/ssh/exploit.cfm |
| Related URL | CVE-2001-0553 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |