Overview
SSH Tectia Server contains a race condition that may permit an authenticated user access to the private key of the server. Exploitation of this vulnerability may lead to the ability to compromise the trust relationships of the vulnerable server.
Description
SSH Tectia Server versions 4.0.3 and 4.0.4 for Unix contain a race condition vulnerability when the password change plugin (ssh-passwd-plugin) is enabled. Note that the password change plugin is disabled by default. Versions 4.0.3 and 4.0.4 of SSH Tectia Server running on the following platforms are affected:
|
Impact
Exploitation of this vulnerability may lead to the ability of an authenticated user with shell access to gain access to the private key of the server, thus compromising the trust relationships of the vulnerable server. |
Solution
Upgrading to 4.0.5. If a host has been running a vulnerable version of SSH Tectia, configured to use the password change plugin and the users have had shell access, SSH recommends that the hostkeys be regenerated after upgrading. |
Disabling the AuthPassword.ChangePlugin configuration option will mitigate this vulnerability. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to SSH Communications for reporting this vulnerability.
This document was written by Jason A Rafail and is based on the information provided by SSH Communications.
Other Information
| CVE IDs: | None |
| Severity Metric: | 11.39 |
| Date Public: | 2003-03-23 |
| Date First Published: | 2004-03-23 |
| Date Last Updated: | 2004-03-23 15:38 UTC |
| Document Revision: | 18 |