CVE-2001-0361
OpenSSH < 2.3.0 and ssh < 1.2.31 - Traffic Decryption and Alteration via Bleichenbacher Attack
Title source: llmDescription
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
References (10)
Core 10
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2344
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/2116
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2001/dsa-027
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2001/dsa-023
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6082
Third Party Advisory, US Government Resource third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/l-047.shtml
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2001/dsa-086
Various Sources vendor-advisory
x_refsource_freebsd
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=98158450021686&w=2
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/adv004_ssh.html
Scores
EPSS
0.0131
EPSS Percentile
80.0%
Details
CWE
CWE-310
Status
published
Products (4)
openbsd/openssh
1.2.3
openbsd/openssh
2.1
openbsd/openssh
2.1.1
ssh/ssh
< 1.2.31
Published
Jun 27, 2001
Tracked Since
Feb 18, 2026