CVE-2001-1473

The MITRE CVE dictionary describes this issue as:

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.

Find out more about CVE-2001-1473 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the version of the openssh as shipped with Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future openssh updates for Red Hat Enterprise Linux 4. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 5 and 6, since it is SSH-1 protocol specific and those versions did not enable SSH-1 protocol support in the default configuration.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.