search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Certain implementations of SSH1 may reveal internal cryptologic state

Vulnerability Note VU#161576

Original Release Date: 2002-07-31 | Last Revised: 2002-07-31

Overview

An implementation problem in at least one Secure Shell (SSH) product and a weakness in the PKCS#1_1.5 public key encryption standard allows attackers to recover plaintext of messages encrypted with SSH.

Description

A weakness in some SSH products using the SSH1 protocol may allow an attacker to determine internal cryptologic states. Combined with a weakness in the PKCS#1_1.5 public key encryption standard, used by SSH protocol 1.5, this vulnerability may be exploited to recover arbitrary session keys used for symmetric encryption in SSH connections. It has been reported that these vulnerabilities are relatively difficult to exploit.

Impact

An attacker may recover an SSH connection's session key and decrypt all communications from the connection.

Solution

Apply a patch available from your vendor

This vulnerability was first reported and patched in early 2001.

Reduce potential exposure

Disable all variants of SSH protocols 1.5 and older on the server.

Vendor Information

161576
 

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to CORE SDI for reporting this vulnerability and to Markus Friedl and Tatu Ylonen for their helpful clarifications.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: CVE-2001-0361
Severity Metric: 6.48
Date Public: 2001-02-13
Date First Published: 2002-07-31
Date Last Updated: 2002-07-31 23:01 UTC
Document Revision: 20

Sponsored by CISA.