Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0144 — Openssh vulnerability

5 documents4 sources

Severity

10.0CRITICALNVD

EPSS

61.7%

top 1.66%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openbsd Openssh SSH

Timeline

PublishedMar 12

Latest updateApr 30

Description

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDssh/ssh8 versions+7

▶NVDopenbsd/openssh5 versions+4

Patches

Patch: razor.bindview.com ↗Patch: www.securityfocus.com ↗Patch: razor.bindview.com ↗

🔴Vulnerability Details

GHSA

GHSA-xrvw-f7p8-2hqm: CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer over↗2022-04-30

▶

CVEList

CVE-2001-0144: CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer over↗2001-05-07

▶

💥Exploits & PoCs

Exploit-DB

SSH (x2) - Remote Command Execution↗2002-05-01

▶

Exploit-DB

SSH 1.2.x - CRC-32 Compensation Attack Detector↗2001-02-08

▶