Debian Security Advisory
ssh -- remote exploit in ssh
- Date Reported:
- 15 Dec 1999
- Affected Packages:
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 2347.
In Mitre's CVE dictionary: CVE-2001-0144.
- More information:
An advisory released by Core-SDI indicates that a
combination of bugs in ssh and the rsaref2 library can be exploited to gain
remote access to a host running the vulnerable program. The version of ssh in
Debian is not linked against rsaref2, and is not vulnerable
as shipped. Note that if you compile a local copy of ssh with the rsaref2
library, your local copy may be vulnerable. See the advisory at CoreLabs Advisories - CORE-1201999
for more information.
Any software that uses the rsaref2 library could be vulnerable.