SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/786900 | Third Party Advisory US Government Resource |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6604 | |
http://www.kb.cert.org/vuls/id/786900 | Third Party Advisory US Government Resource |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6604 |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/786900 - Third Party Advisory, US Government Resource | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/6604 - |
Information
Published : 2001-01-18 05:00
Updated : 2024-11-20 23:37
NVD link : CVE-2001-1474
Mitre link : CVE-2001-1474
CVE.ORG link : CVE-2001-1474
JSON object : View
Products Affected
ssh
- ssh
CWE