Any SSH server may contain a flaw that may allow a malicious user to log in without authorization. The issue is triggered when an .shosts file is used for authentication. It is possible that the flaw may allow unauthorized login resulting in a loss of integrity.
Classification
Location: Remote/Network Access Required
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Unknown
OSVDB: Best Practice
Solution
It is possible to correct the flaw by implementing the following workaround(s): Disable .shosts authentication.
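One way to verify the workaround, as an added example that is not part of the original entry: it assumes the server is OpenSSH, where the `HostbasedAuthentication` and `IgnoreRhosts` keywords in `sshd_config` decide whether per-user `.shosts` files are honoured. The function names and sample configurations are constructed for illustration.

```python
import os
import tempfile

# OpenSSH defaults for the two keywords that govern per-user .shosts files.
DEFAULTS = {"hostbasedauthentication": "no", "ignorerhosts": "yes"}

def effective_settings(config_text):
    """Global-section values; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.replace("=", " ", 1).split()
        if not fields:
            continue
        key = fields[0].lower()          # keywords are case-insensitive
        if key == "match":
            break                        # Match/Include are not resolved here
        if len(fields) > 1:
            seen.setdefault(key, fields[1].strip('"').lower())
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def shosts_auth_enabled(settings):
    """Per-user .shosts is honoured only if host-based auth is on and
    IgnoreRhosts is not 'yes' ('no' and 'shosts-only' both allow it)."""
    return (settings["hostbasedauthentication"] == "yes"
            and settings["ignorerhosts"] != "yes")

def find_shosts(home_root):
    """List .shosts files directly under each home directory in home_root."""
    hits = []
    for name in sorted(os.listdir(home_root)):
        candidate = os.path.join(home_root, name, ".shosts")
        if os.path.isfile(candidate):
            hits.append(candidate)
    return hits

# Constructed sample input: a weak configuration and its corrected form.
WEAK = "HostbasedAuthentication yes\nIgnoreRhosts no\n"
FIXED = "HostbasedAuthentication no\nIgnoreRhosts yes\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:   # stand-in for /home
        os.makedirs(os.path.join(root, "alice"))
        open(os.path.join(root, "alice", ".shosts"), "w").close()
        for label, text in (("weak", WEAK), ("fixed", FIXED)):
            print(label, shosts_auth_enabled(effective_settings(text)))
        print("leftover files:", find_shosts(root))
```

On a live host, `sshd -T` prints the effective configuration with `Match` and `Include` resolved, and the system-wide `/etc/ssh/shosts.equiv` is consulted regardless of `IgnoreRhosts`, so it needs a separate check.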