Info

Disclosure

Jun 30, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

SSH Tectia Server and SSH Secure Shell for Windows contains a flaw that may allow a malicious user to obtain the server host identification key caused by insufficient file permissions. It is possible that the flaw may allow an attacker to access the host identification key without the required administrative privileges. This key could then be copied and installed on a malicious server to masquerade as the original server.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 4.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

SSH Communications Security	SSH Tectia Server	4.3.1
SSH Communications Security	SSH Secure Shell	3.2

References

Security Tracker: 1014343 1014344
Bugtraq ID: 14116
Secunia Advisory ID: 15894
CVE ID: 2005-2146 (see also: NVD)
ISS X-Force ID: 21217
Vendor Specific Advisory URL: http://www.ssh.com/company/newsroom/article/653/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

SSH Communications Security

SSH Tectia Server

SSH Secure Shell

References

Credit