Several protocols that implement the digital enveloping method described in version 1.5 of the PKCS #1 standard are susceptible to an adaptive chosen-ciphertext attack. The attack allows recovery of session keys, thus compromising the integrity of the data transmitted during that session. The data encryption techniques described in RSA's PKCS #1 standard are used in many protocols that rely, at least in part, on the security provided by public-key cryptography.
Classification
Attack Type: Cryptographic
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Upgrade
Disclosure: Vendor Verified
Technical
A remote attacker can decrypt and/or alter traffic via an attack on PKCS #1 version 1.5 known as the Bleichenbacher attack. OpenSSH up to version 2.3.0, AppGate, and SSH Communications Security ssh-1 up to version 1.2.31 contain the vulnerability, although it may not be exploitable depending on configuration.
For a more detailed explanation of the Bleichenbacher attack, see CERT VU 888801 and CERT VU 997481.
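The mechanism behind the attack, as an added example that is not part of this entry or of any of the affected SSH implementations: a toy PKCS #1 v1.5 digital envelope in Python, with a decryptor that reports padding failures to the peer (the "conformant / non-conformant" signal the attack depends on) next to one that applies the countermeasure later standardised for TLS in RFC 5246 section 7.4.7.1, substituting a fresh random session key instead of signalling the failure. The RSA key is built from two Mersenne primes purely so the example runs offline without a crypto library; it has no security value, and the function names are this example's own.

```python
import secrets

# Toy RSA key from two Mersenne primes, constructed for the demo only.
# Such a key is trivially factorable; it exists so the example runs offline.
P = (1 << 127) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # gcd(E, phi) == 1 for these primes
K = (N.bit_length() + 7) // 8          # modulus length in bytes (30 here)
KEY_LEN = 16                           # session-key length the recipient expects
assert KEY_LEN <= K - 11, "modulus too small for PKCS#1 v1.5 padding"


def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EME-PKCS1-v1_5 type-2 encoding: 00 02 || PS (>= 8 non-zero bytes) || 00 || M."""
    if len(msg) > K - 11:
        raise ValueError("message too long")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(K - 3 - len(msg)))
    return b"\x00\x02" + ps + b"\x00" + msg


def raw_encrypt(em: bytes) -> bytes:
    """Textbook RSA on an already-encoded block (used here to build test inputs)."""
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def rsa_encrypt(session_key: bytes) -> bytes:
    """What the sender does: pad the session key, then encrypt with the public key."""
    return raw_encrypt(pkcs1_v15_pad(session_key))


def raw_decrypt(ct: bytes) -> bytes:
    c = int.from_bytes(ct, "big")
    if not 0 <= c < N:
        raise ValueError("ciphertext out of range")
    return pow(c, D, N).to_bytes(K, "big")


def decrypt_with_oracle(ct: bytes) -> bytes:
    """Leaky decryptor: a malformed block produces a distinguishable error.
    A peer that sees this error (or any behaviour correlated with it) can
    tell conformant from non-conformant plaintexts for ciphertexts of its
    choosing, which is exactly the oracle the Bleichenbacher attack needs."""
    em = raw_decrypt(ct)
    if em[0] != 0 or em[1] != 2:
        raise ValueError("bad PKCS#1 v1.5 block type")
    sep = em.find(b"\x00", 2)
    if sep < 10:                        # PS occupies em[2:sep] and must be >= 8 bytes
        raise ValueError("bad PKCS#1 v1.5 padding")
    return em[sep + 1:]


def decrypt_hardened(ct: bytes) -> bytes:
    """Countermeasure in the style of RFC 5246 section 7.4.7.1: never report a
    padding failure. On any defect, hand back a fresh random key of the expected
    length so that the following protocol steps fail in the same way whether or
    not the padding was valid. Note: Python comparisons are not constant-time;
    a production implementation must also select the result without branching
    on secret data. This demo removes only the explicit error signal."""
    fallback = secrets.token_bytes(KEY_LEN)
    try:
        em = raw_decrypt(ct)
    except ValueError:
        return fallback
    sep = em.find(b"\x00", 2)
    ok = (em[0] == 0 and em[1] == 2 and sep >= 10
          and len(em) - sep - 1 == KEY_LEN)
    return em[sep + 1:] if ok else fallback


def oracle_rejects(ct: bytes) -> bool:
    """True if the leaky decryptor signals a padding failure for this ciphertext."""
    try:
        decrypt_with_oracle(ct)
        return False
    except ValueError:
        return True


def malformed_ciphertext() -> bytes:
    """Constructed ciphertext whose plaintext is a type-1 block with no separator,
    so it is deterministically non-conformant for the type-2 check."""
    return raw_encrypt(b"\x00\x01" + b"\xff" * (K - 2))


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_LEN)
    ct = rsa_encrypt(key)
    print("valid envelope, oracle   :", decrypt_with_oracle(ct) == key)
    print("valid envelope, hardened :", decrypt_hardened(ct) == key)
    bad = malformed_ciphertext()
    print("malformed, oracle rejects:", oracle_rejects(bad))
    print("malformed, hardened gives:", len(decrypt_hardened(bad)), "random bytes, no error")
```

The two decryptors agree on a well-formed envelope; they differ only in what a peer learns from a malformed one. The leaky version tells the peer which of its submitted ciphertexts decrypt to a conformant block, while the hardened version returns a key either way and lets the subsequent MAC or handshake check fail uniformly. That is the behavioural difference the fixed SSH implementations needed to close.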
Solution
Upgrade to the latest version of SSH software and disable the SSH 1 protocol.