CVE-2003-1120

Severity

37%

Complexity

19%

Confidentiality

106%

Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.

Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.

CVSS 2.0 Base Score 3.7. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P).

Overview

Type

SSH Communications Security Tectia Server

First reported 21 years ago

2003-12-31 05:00:00

Last updated 7 years ago

2017-07-11 01:29:00

Affected Software

SSH Communications Security Tectia Server 4.0.3

4.0.3

SSH Communications Security Tectia Server 4.0.4

4.0.4

References

11193

1009532

VU#814198

Patch, Third Party Advisory, US Government Resource

4491

9956

Patch

http://www.ssh.com/company/newsroom/article/520/

Patch

sshtectiaserver-passwdplugin-race-condition(15585)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.