CVE-2000-0575
First published: Wed Jul 05 2000(Updated: )
SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SSH (Secure Shell) | =1.2.27 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2000-0575?
CVE-2000-0575 is considered a moderate severity vulnerability due to the risk of Kerberos ticket sniffing.
How do I fix CVE-2000-0575?
To fix CVE-2000-0575, upgrade to a newer version of SSH that does not store Kerberos tickets in the current directory.
What software is affected by CVE-2000-0575?
CVE-2000-0575 affects SSH version 1.2.27 with Kerberos authentication support.
Can CVE-2000-0575 be exploited remotely?
Yes, CVE-2000-0575 can be exploited by remote attackers who can sniff the ticket cache stored in an accessible directory.
What conditions increase the risk of CVE-2000-0575?
The risk of CVE-2000-0575 is increased if the user's home directory is located on an NFS filesystem.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ssh
- canonical/ssh (secure shell)
- version/ssh (secure shell)/1.2.27