Debian Security Advisory

ssh -- remote exploit in ssh

Date Reported:
15 Dec 1999
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 2347.
In Mitre's CVE dictionary: CVE-2001-0144.
More information:
An advisory released by Core-SDI indicates that a combination of bugs in ssh and the rsaref2 library can be exploited to gain remote access to a host running the vulnerable program. The version of ssh in Debian is not linked against rsaref2, and is not vulnerable as shipped. Note that if you compile a local copy of ssh with the rsaref2 library, your local copy may be vulnerable. See the advisory at CoreLabs Advisories - CORE-1201999 for more information.

Any software that uses the rsaref2 library could be vulnerable.