CVE-2001-0259

ssh <1.2.27-1.2.30 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0259. PoCs published by Richard Silverman.

AI-analyzed exploit summary This exploit leverages a design flaw in SSH1's key-sharing mechanism with NIS+ to retrieve a user's SUN-DES-1 magic phrase, which can be used to decrypt their private key. It uses the `key_encryptsession` function to extract the magic phrase for a given UID and netname.

Description

ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Richard Silverman · clocalunix
https://www.exploit-db.com/exploits/20560

This exploit leverages a design flaw in SSH1's key-sharing mechanism with NIS+ to retrieve a user's SUN-DES-1 magic phrase, which can be used to decrypt their private key. It uses the `key_encryptsession` function to extract the magic phrase for a given UID and netname.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: SSH Communications Security SSH1 (affects SSH2 series)
No auth needed
Prerequisites: Access to the same host as the target user · NIS+ environment with SUN-DES-1 key sharing
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Vendor Advisory x_refsource_confirm
http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2222
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5963
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html

Scores

EPSS 0.0084
EPSS Percentile 53.3%

Details

Status published
Products (4)
ssh/ssh 1.2.27
ssh/ssh 1.2.28
ssh/ssh 1.2.29
ssh/ssh 1.2.30
Published Jun 02, 2001
Tracked Since Feb 18, 2026