Lucene search
+L

249 matches found

CVE
CVE
•added 2002/03/09 5:0 a.m.•70 views

CVE-1999-1085

The CVE-1999-1085 issue affects SSH1 protocol implementations (notably OpenSSH and SSH1-supporting SSH stacks) in CBC or CFB mode. A CRC-32 checksum weakness enables a known-plaintext attack to insert arbitrary data into an existing SSH stream between client and server, potentially allowing an at...

5CVSS9.3AI score0.03211EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
•added 2001/05/07 4:0 a.m.•39 views

CVE-2001-0144

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow...

7.3AI score0.32416EPSS
Exploits1References7
CVE
CVE
•added 2001/05/07 4:0 a.m.•166 views

CVE-2001-0144

Technical details about CVE-2001-0144 are not provided in the connected documents. The Initial Description notes an SSH1 CRC-32 overflow issue, but no vendor/version/exploit data is supplied here. Monitor for updates and disclose when more info becomes public.

10CVSS7.4AI score0.32416EPSS
Exploits1References7Affected Software2
Positive Technologies
Positive Technologies
•added 2001/03/12 12:0 a.m.•14 views

PT-2001-1377 Ā· Core SdiĀ +1 Ā· Core Sdi Ssh1Ā +1

Name of the Vulnerable Software and Affected Versions: CORE SDI SSH1 affected versions not specified Description: The issue allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow in the CRC-32 compensation attack detector. Recommendations: At the...

10CVSS8.6AI score0.99506EPSS
Exploits208References342
securityvulns
securityvulns
•added 2001/02/10 12:0 a.m.•92 views

[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability

CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable:...

10CVSS0.1AI score0.32416EPSS
Exploits1
Tenable Nessus
Tenable Nessus
•added 2001/02/09 12:0 a.m.•181 views

SSH CRC-32 Compensation Attack Remote Overflow

The remote host is running a version of SSH that is older than version 1.2.32, or a version of OpenSSH that is older than 2.3.0. The remote version of this software is vulnerable to a flaw known as a 'CRC-32 compensation attack' that could allow an attacker to gain a root shell on this host. C...

10CVSS7.7AI score0.32416EPSS
Exploits1References1
CERT
CERT
•added 2001/01/18 12:0 a.m.•26 views

Weak CRC allows last block of IDEA-encrypted SSH packet to be changed without notice

Overview There is an information integrity vulnerability in the SSH1 protocol that allows the last block of an IDEA-encrypted session to be modified without notice. Description Preconditions: Session is encrypted using IDEA cipher. Compression is disabled. SSH clients configured to use the IDEA...

6.7AI score
Exploits0References3
CERT
CERT
•added 2000/09/26 12:0 a.m.•28 views

Weak CRC allows RC4 encrypted SSH1 packets to be modified without notice

Overview There is an information integrity vulnerability in the SSH1 protocol that allows RC4 encrypted packets to be modified without notice. Description Preconditions: Client has requested RC4 and server supports it. Compression is disabled. When using the RC4 stream cipher, SSH1 uses a cyclic...

7AI score
Exploits0References2
NVD
NVD
•added 1998/06/12 4:0 a.m.•13 views

CVE-1999-1085

SSH 1.2.25, 1.2.23, and other versions, when used in in CBC Cipher Block Chaining or CFB Cipher Feedback 64 bits modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum...

5CVSS0.03211EPSS
Exploits0References4
Rows per page
Query Builder