SSH Communications SSH Tectia Server Private Key Disclosure Vulnerability
BID:9956
Info
SSH Communications SSH Tectia Server Private Key Disclosure Vulnerability
| Bugtraq ID: | 9956 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 23 2004 12:00AM |
| Updated: | Mar 23 2004 12:00AM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: |
SSH Communications Security Tectia Server 4.0.4 SSH Communications Security Tectia Server 4.0.3 |
| Not Vulnerable: |
SSH Communications Security Tectia Server 4.0.5 |
Discussion
SSH Communications SSH Tectia Server Private Key Disclosure Vulnerability
It has been reported that SSH Tectia Server may be prone to a private key disclosure vulnerability due to an unspecified weakness in the password change mechanism functionality employed by the server. Because of this, a local attacker may be able to gain access to the private host key of a vulnerable system. It has been reported that the password change mechanism is not enabled by default.
SSH Tectia Server for Unix versions 4.0.3 and 4.0.4 are affected by this issue. Tectia Server for Windows is not vulnerable to this issue.
It has been reported that SSH Tectia Server may be prone to a private key disclosure vulnerability due to an unspecified weakness in the password change mechanism functionality employed by the server. Because of this, a local attacker may be able to gain access to the private host key of a vulnerable system. It has been reported that the password change mechanism is not enabled by default.
SSH Tectia Server for Unix versions 4.0.3 and 4.0.4 are affected by this issue. Tectia Server for Windows is not vulnerable to this issue.
Exploit / POC
SSH Communications SSH Tectia Server Private Key Disclosure Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
SSH Communications SSH Tectia Server Private Key Disclosure Vulnerability
Solution:
The vendor has released Tectia Server version 4.0.5 to address this issue.
SSH Communications Security Tectia Server 4.0.3
SSH Communications Security Tectia Server 4.0.4
Solution:
The vendor has released Tectia Server version 4.0.5 to address this issue.
SSH Communications Security Tectia Server 4.0.3
-
SSH Communications Security SSH Tectia Server 4.0.5
http://www.ssh.com/support/downloads/tectia-server-unix/updates-and-pa ckages-4-0.html
SSH Communications Security Tectia Server 4.0.4
-
SSH Communications Security SSH Tectia Server 4.0.5
http://www.ssh.com/support/downloads/tectia-server-unix/updates-and-pa ckages-4-0.html
References
SSH Communications SSH Tectia Server Private Key Disclosure Vulnerability
References:
References:
- SSH Tectia Server (Unix) 4.0 Vulnerability in "passwd" Program(VU#814918) (SSH Communications Security)