CVE-2004-2760Openssh vulnerability

7 documents7 sources
Severity
6.8MEDIUMNVD
CNA5.0OSV5.0
EPSS
0.3%
top 46.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openbsd Openssh
Timeline
PublishedDec 31
Latest updateApr 29

Description

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a sepa

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debianopenbsd/openssh< 1:3.6p1-1+3
NVDopenbsd/openssh3.5, 3.5p1+1

🔴Vulnerability Details

3
GHSA
GHSA-xv6r-hw9g-7g96: sshd in OpenSSH 32022-04-29
CVEList
CVE-2004-2760: sshd in OpenSSH 32008-08-04
OSV
CVE-2004-2760: sshd in OpenSSH 32004-12-31

📋Vendor Advisories

2
Red Hat
openssh information disclosure2004-04-12
Debian
CVE-2004-2760: openssh - sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the ...2004

💬Community

1
Bugzilla
CVE-2004-2760 openssh information disclosure2008-08-04
CVE-2004-2760 — Openbsd Openssh vulnerability | cvebase