What is the severity of CVE-2012-5975?

CVE-2012-5975 has a medium severity rating, indicating potential issues with authentication bypass.

How do I fix CVE-2012-5975?

To fix CVE-2012-5975, update your SSH Tectia Server to a version later than 6.3.2 where the vulnerability is patched.

What systems are affected by CVE-2012-5975?

CVE-2012-5975 affects SSH Tectia Server versions 6.0.4 to 6.3.2 on UNIX and Linux systems.

Can CVE-2012-5975 be exploited remotely?

Yes, CVE-2012-5975 allows remote attackers to bypass authentication under specific conditions.

Is old-style password authentication a risk with CVE-2012-5975?

Yes, the vulnerability is particularly concerning when old-style password authentication is enabled.

Vulnerability/
CVE-2012-5975

critical

9.3

CWE

287

4/12/2012

17/9/2024

CVE-2012-5975

First published: Tue Dec 04 2012(Updated: )

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
SSH Tectia Server	=6.0.4
SSH Tectia Server	=6.0.5
SSH Tectia Server	=6.0.6
SSH Tectia Server	=6.0.7
SSH Tectia Server	=6.0.8
SSH Tectia Server	=6.0.9
SSH Tectia Server	=6.0.10
SSH Tectia Server	=6.0.11
SSH Tectia Server	=6.0.12
SSH Tectia Server	=6.0.13
SSH Tectia Server	=6.0.14
SSH Tectia Server	=6.0.17
SSH Tectia Server	=6.0.18
SSH Tectia Server	=6.0.19
SSH Tectia Server	=6.0.20.
SSH Tectia Server	=6.1.0
SSH Tectia Server	=6.1.1
SSH Tectia Server	=6.1.2
SSH Tectia Server	=6.1.3
SSH Tectia Server	=6.1.4
SSH Tectia Server	=6.1.5
SSH Tectia Server	=6.1.6
SSH Tectia Server	=6.1.7
SSH Tectia Server	=6.1.8
SSH Tectia Server	=6.1.9
SSH Tectia Server	=6.1.12
SSH Tectia Server	=6.2.0
SSH Tectia Server	=6.2.1
SSH Tectia Server	=6.2.2
SSH Tectia Server	=6.2.3
SSH Tectia Server	=6.2.4
SSH Tectia Server	=6.2.5
SSH Tectia Server	=6.3.0
SSH Tectia Server	=6.3.1
SSH Tectia Server	=6.3.2
Linux Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-5975?
CVE-2012-5975 has a medium severity rating, indicating potential issues with authentication bypass.
How do I fix CVE-2012-5975?
To fix CVE-2012-5975, update your SSH Tectia Server to a version later than 6.3.2 where the vulnerability is patched.
What systems are affected by CVE-2012-5975?
CVE-2012-5975 affects SSH Tectia Server versions 6.0.4 to 6.3.2 on UNIX and Linux systems.
Can CVE-2012-5975 be exploited remotely?
Yes, CVE-2012-5975 allows remote attackers to bypass authentication under specific conditions.
Is old-style password authentication a risk with CVE-2012-5975?
Yes, the vulnerability is particularly concerning when old-style password authentication is enabled.

agent/references
agent/type
agent/severity
agent/softwarecombine
agent/weakness
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ssh
canonical/ssh tectia server
version/ssh tectia server/6.0.4
version/ssh tectia server/6.0.5
version/ssh tectia server/6.0.6
version/ssh tectia server/6.0.7
version/ssh tectia server/6.0.8
version/ssh tectia server/6.0.9
version/ssh tectia server/6.0.10
version/ssh tectia server/6.0.11
version/ssh tectia server/6.0.12
version/ssh tectia server/6.0.13
version/ssh tectia server/6.0.14
version/ssh tectia server/6.0.17
version/ssh tectia server/6.0.18
version/ssh tectia server/6.0.19
version/ssh tectia server/6.0.20.
version/ssh tectia server/6.1.0
version/ssh tectia server/6.1.1
version/ssh tectia server/6.1.2
version/ssh tectia server/6.1.3
version/ssh tectia server/6.1.4
version/ssh tectia server/6.1.5
version/ssh tectia server/6.1.6
version/ssh tectia server/6.1.7
version/ssh tectia server/6.1.8
version/ssh tectia server/6.1.9
version/ssh tectia server/6.1.12
version/ssh tectia server/6.2.0
version/ssh tectia server/6.2.1
version/ssh tectia server/6.2.2
version/ssh tectia server/6.2.3
version/ssh tectia server/6.2.4
version/ssh tectia server/6.2.5
version/ssh tectia server/6.3.0
version/ssh tectia server/6.3.1
version/ssh tectia server/6.3.2
vendor/linux
canonical/linux kernel

Frequently Asked Questions

What is the severity of CVE-2012-5975?
CVE-2012-5975 has a medium severity rating, indicating potential issues with authentication bypass.
How do I fix CVE-2012-5975?
To fix CVE-2012-5975, update your SSH Tectia Server to a version later than 6.3.2 where the vulnerability is patched.
What systems are affected by CVE-2012-5975?
CVE-2012-5975 affects SSH Tectia Server versions 6.0.4 to 6.3.2 on UNIX and Linux systems.
Can CVE-2012-5975 be exploited remotely?
Yes, CVE-2012-5975 allows remote attackers to bypass authentication under specific conditions.
Is old-style password authentication a risk with CVE-2012-5975?
Yes, the vulnerability is particularly concerning when old-style password authentication is enabled.

CVE-2012-5975

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-5975?

How do I fix CVE-2012-5975?

What systems are affected by CVE-2012-5975?

Can CVE-2012-5975 be exploited remotely?

Is old-style password authentication a risk with CVE-2012-5975?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-5975?

How do I fix CVE-2012-5975?

What systems are affected by CVE-2012-5975?

Can CVE-2012-5975 be exploited remotely?

Is old-style password authentication a risk with CVE-2012-5975?