CVE-2001-0259
First published: Mon May 07 2001(Updated: )
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SSH (Secure Shell) | =1.2.27 | |
| SSH (Secure Shell) | =1.2.28 | |
| SSH (Secure Shell) | =1.2.29 | |
| SSH (Secure Shell) | =1.2.30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-0259?
CVE-2001-0259 is considered to be a moderate severity vulnerability due to its potential to allow local attackers to recover sensitive information.
How do I fix CVE-2001-0259?
To fix CVE-2001-0259, upgrade to a version of SSH that is not affected, specifically versions later than 1.2.30.
Who is impacted by CVE-2001-0259?
CVE-2001-0259 impacts users of SSH versions 1.2.27 through 1.2.30 that utilize Secure-RPC.
What type of attacks can exploit CVE-2001-0259?
CVE-2001-0259 can be exploited by local attackers who gain access to the machine to recover the SUN-DES-1 magic phrase.
Does CVE-2001-0259 affect SSH key management?
Yes, CVE-2001-0259 directly affects SSH key management by potentially allowing unauthorized access to users' private keys.
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ssh
- canonical/ssh (secure shell)
- version/ssh (secure shell)/1.2.27
- version/ssh (secure shell)/1.2.28
- version/ssh (secure shell)/1.2.29
- version/ssh (secure shell)/1.2.30