CVE-2007-0726
First published: Tue Mar 13 2007(Updated: )
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | =10.4.3 | |
| Apple macOS Server | =10.4.3 | |
| Apple iOS and macOS | =10.4.1 | |
| Apple macOS Server | =10.4.2 | |
| Apple macOS Server | =10.4.4 | |
| Apple macOS Server | =10.4.1 | |
| Apple iOS and macOS | =10.4.7 | |
| Apple iOS and macOS | =10.4.4 | |
| Apple macOS Server | =10.4 | |
| Apple macOS Server | =10.4.5 | |
| Apple iOS and macOS | =10.4 | |
| Apple macOS Server | =10.4.6 | |
| Apple macOS Server | =10.3.9 | |
| Apple macOS Server | =10.4.8 | |
| Apple iOS and macOS | =10.4.6 | |
| Apple iOS and macOS | =10.4.5 | |
| Apple iOS and macOS | =10.3.9 | |
| Apple iOS and macOS | =10.4.8 | |
| Apple macOS Server | =10.4.7 | |
| Apple iOS and macOS | =10.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://docs.info.apple.com/article.html?artnum=305214
- http://www.securityfocus.com/bid/22948
- http://www.securitytracker.com/id?1017756
- http://secunia.com/advisories/24479
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.osvdb.org/34850
- http://www.vupen.com/english/advisories/2007/0930
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32975
Frequently Asked Questions
What is the severity of CVE-2007-0726?
CVE-2007-0726 has a moderate severity rating as it can lead to denial of service in affected systems.
How do I fix CVE-2007-0726?
To fix CVE-2007-0726, users should upgrade to a patched version of OpenSSH or apply the relevant security updates provided by Apple.
Which versions of macOS are affected by CVE-2007-0726?
CVE-2007-0726 affects Apple Mac OS X versions 10.3.9 and 10.4 through 10.4.8.
What vulnerability does CVE-2007-0726 exploit?
CVE-2007-0726 exploits a flaw in the SSH key generation process that allows remote attackers to cause a denial of service.
What are the implications of CVE-2007-0726 on SSH key trust relationships?
CVE-2007-0726 can break trust relationships by causing SSH to regenerate keys during an active connection, potentially compromising security.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.4.3
- canonical/apple macos server
- version/apple macos server/10.4.3
- version/apple ios and macos/10.4.1
- version/apple macos server/10.4.2
- version/apple macos server/10.4.4
- version/apple macos server/10.4.1
- version/apple ios and macos/10.4.7
- version/apple ios and macos/10.4.4
- version/apple macos server/10.4
- version/apple macos server/10.4.5
- version/apple ios and macos/10.4
- version/apple macos server/10.4.6
- version/apple macos server/10.3.9
- version/apple macos server/10.4.8
- version/apple ios and macos/10.4.6
- version/apple ios and macos/10.4.5
- version/apple ios and macos/10.3.9
- version/apple ios and macos/10.4.8
- version/apple macos server/10.4.7
- version/apple ios and macos/10.4.2