CVE Details for CVE: CVE-2003-1120
Summary
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
| Timestamps | |
|---|---|
| Last major update | 11-07-2017 - 01:29 |
| Published | 31-12-2003 - 05:00 |
| Last modified | 11-07-2017 - 01:29 |
References
- http://www.ssh.com/company/newsroom/article/520/
- http://www.kb.cert.org/vuls/id/814198
- http://www.securityfocus.com/bid/9956
- http://securitytracker.com/alerts/2004/Mar/1009532.html
- http://secunia.com/advisories/11193
- http://www.osvdb.org/displayvuln.php?osvdb_id=4491
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15585
CWE
CVSS
Base
3.7
Impact
6.4
Exploitability
1.9
Access
| Vector | Complexity | Authentication |
|---|---|---|
| LOCAL | HIGH | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| PARTIAL | PARTIAL | PARTIAL |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| bid | 9956 |
| cert-vn | VU#814198 |
| confirm | http://www.ssh.com/company/newsroom/article/520/ |
| osvdb | 4491 |
| sectrack | 1009532 |
| secunia | 11193 |
| xf | sshtectiaserver-passwdplugin-race-condition(15585) |