Debian Security Advisory

ssh -- remote exploit in ssh

Date Reported: 15 Dec 1999
Affected Packages: ssh
Vulnerable: No
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 2347.
In Mitre's CVE dictionary: CVE-2001-0144.
More information:
An advisory released by Core-SDI indicates that a combination of bugs in ssh and the rsaref2 library can be exploited to gain remote access to a host running the vulnerable program. The version of ssh in Debian is not linked against rsaref2 and is not vulnerable as shipped. Note that if you compile a local copy of ssh with the rsaref2 library, your local copy may be vulnerable. See Core-SDI advisory CORE-1201999 (CoreLabs Advisories) for more information.

Any software that uses the rsaref2 library could be vulnerable.