Vulnerability Details CVE-2003-1120
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.0%
CVSS Severity
CVSS v2 Score 3.7
References
- http://secunia.com/advisories/11193
- http://securitytracker.com/alerts/2004/Mar/1009532.html
- http://www.kb.cert.org/vuls/id/814198
- http://www.osvdb.org/displayvuln.php?osvdb_id=4491
- http://www.securityfocus.com/bid/9956
- http://www.ssh.com/company/newsroom/article/520/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15585
- http://secunia.com/advisories/11193
- http://securitytracker.com/alerts/2004/Mar/1009532.html
- http://www.kb.cert.org/vuls/id/814198
- http://www.osvdb.org/displayvuln.php?osvdb_id=4491
- http://www.securityfocus.com/bid/9956
- http://www.ssh.com/company/newsroom/article/520/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15585
Products affected by CVE-2003-1120
-
cpe:2.3:a:ssh:tectia_server:4.0.3
-
cpe:2.3:a:ssh:tectia_server:4.0.4