Metric | Value |
---|---|
CVSS2 | 7.2 High |
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.001 Low |
EPSS Percentile | 24.8% |
Due to insecure handling of temporary files, some versions of sshd, an encrypted connection program, can delete any file named “cookies” accessible via the computer running sshd.
sshd is the server software used to support ssh, a popular encrypted connection program. Some versions of OpenSSH fail to handle temporary files in a secure fashion, allowing their removal during an ssh session. This can result in the removal of files named “cookies” on the server. Since sshd runs setuid root, ownership and protection of the “cookies” file will be disregarded.
Using this exploit, an attacker may cause loss of data, particularly web location data used in many web sites.
Apply vendor patches; see the Systems Affected section below.
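For daemons that clean up their own temporary files while privileged, the following added example (not OpenSSH code and not the vendor patch) shows one way to make the deletion check what it is about to touch. The function names `cleanup_temp` and `demo` and the `/tmp/demo-*` paths are hypothetical and constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove `name` from `dir` only if `dir` is a real directory (not a symlink),
 * owned by `owner`, and not group/world writable. Returns 0 on success.
 * Note: O_NOFOLLOW covers only the final path component of `dir`. */
int cleanup_temp(const char *dir, const char *name, uid_t owner)
{
    struct stat st;
    int rc = -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;                    /* symlink or missing directory: refuse */
    if (fstat(dfd, &st) == 0 && st.st_uid == owner &&
        (st.st_mode & (S_IWGRP | S_IWOTH)) == 0)
        rc = unlinkat(dfd, name, 0);  /* resolved against the checked fd */
    close(dfd);
    return rc;
}

/* Constructed scenario: the expected session directory turns out to be a
 * symlink to another directory holding a "cookies" file. Returns 0 if the
 * redirected cleanup is refused and the direct one succeeds. */
int demo(void)
{
    char real[] = "/tmp/demo-real-XXXXXX", other[] = "/tmp/demo-other-XXXXXX";
    char path[128], lnk[128];
    if (!mkdtemp(real) || !mkdtemp(other)) return -1;
    snprintf(path, sizeof path, "%s/cookies", other);
    close(open(path, O_CREAT | O_WRONLY, 0600));
    snprintf(lnk, sizeof lnk, "%s/session", real);
    if (symlink(other, lnk) != 0) return -1;
    int refused  = cleanup_temp(lnk, "cookies", getuid()) != 0;
    int survived = access(path, F_OK) == 0;
    int cleaned  = cleanup_temp(other, "cookies", getuid()) == 0;
    int gone     = access(path, F_OK) != 0;
    unlink(lnk); rmdir(other); rmdir(real);
    return (refused && survived && cleaned && gone) ? 0 : 1;
}

int main(void)
{
    printf("hardened cleanup behaves as expected: %s\n", demo() == 0 ? "yes" : "no");
    return 0;
}
```

A complementary measure is to perform the cleanup with the session user's privileges rather than root's, so that file ownership and permissions are enforced by the kernel.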
655259
Notified: July 03, 2001 Updated: August 09, 2001
Affected
<http://www.caldera.com/support/security/advisories/CSSA-2001-023.0.txt>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23655259 Feedback>).
Notified: June 04, 2001 Updated: November 15, 2001
Affected
<http://www.linuxsecurity.com/advisories/other_advisory-1666.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 04, 2001 Updated: November 15, 2001
Affected
<http://www.linuxsecurity.com/advisories/other_advisory-1654.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: July 31, 2001
Affected
<ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 12, 2001 Updated: August 21, 2001
Affected
<http://www.openbsd.org/errata.html#sshcookie>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 12, 2001 Updated: August 21, 2001
Affected
<http://www.openbsd.org/errata.html#sshcookie>
The vendor has not provided us with any further information regarding this vulnerability.
A patch to fix this problem is available at
<ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch>
This vulnerability was initially reported on the Bugtraq discussion list.
This document was last modified by Tim Shimeall.
CVE IDs: | CVE-2001-0529 |
---|---|
Severity Metric: | 0.76 |
Date Public: | |