1.2 CVE-2005-2666
Patch
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
https://nvd.nist.gov/vuln/detail/CVE-2005-2666
Categories
CWE-255
References
MISC Patch
OVAL
REDHAT
SCO
SECUNIA
CPE
cpe | start | end |
---|---|---|
Configuration 1 | ||
cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:* |
REMEDIATION
Patch
Url |
---|
http://nms.csail.mit.edu/projects/ssh/ |
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
Other (github, ...)
Url |
---|
No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
No entry |
MITRE
Sherlock® flash
Take a picture of your computer network in a few clicks !
The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.
