CVE-2003-1120 — Race Condition in Tectia Server

3 documents3 sources

Severity

3.7LOWNVD

EPSS

0.2%

top 62.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SSH Tectia Server

Timeline

PublishedDec 31

Latest updateApr 29

Description

Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages1 packages

▶NVDssh/tectia_server4.0.3, 4.0.4+1

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.ssh.com ↗

🔴Vulnerability Details

GHSA

GHSA-9fjw-px98-qrx4: Race condition in SSH Tectia Server 4↗2022-04-29

▶

CVEList

CVE-2003-1120: Race condition in SSH Tectia Server 4↗2005-03-12

▶