ID CVE-2005-2666
Summary SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
References
Vulnerable Configurations
  • cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
CVSS
Base: 1.2 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
  • Vector LOCAL
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity NONE
  • Availability NONE
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:N/A:N
oval via4
accepted 2013-04-29T04:03:24.656-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
family unix
id oval:org.mitre.oval:def:10201
status accepted
submitted 2010-07-09T03:56:16-04:00
title SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
version 29
redhat via4
advisories
bugzilla
id 162681
title CVE-2005-2666 openssh vulnerable to known_hosts address harvesting
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment openssh is earlier than 0:3.9p1-8.RHEL4.20
          oval oval:com.redhat.rhsa:tst:20070257001
        • comment openssh is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060044002
      • AND
        • comment openssh-askpass is earlier than 0:3.9p1-8.RHEL4.20
          oval oval:com.redhat.rhsa:tst:20070257003
        • comment openssh-askpass is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060044004
      • AND
        • comment openssh-askpass-gnome is earlier than 0:3.9p1-8.RHEL4.20
          oval oval:com.redhat.rhsa:tst:20070257005
        • comment openssh-askpass-gnome is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060044006
      • AND
        • comment openssh-clients is earlier than 0:3.9p1-8.RHEL4.20
          oval oval:com.redhat.rhsa:tst:20070257007
        • comment openssh-clients is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060044008
      • AND
        • comment openssh-server is earlier than 0:3.9p1-8.RHEL4.20
          oval oval:com.redhat.rhsa:tst:20070257009
        • comment openssh-server is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060044010
rhsa
id RHSA-2007:0257
released 2007-05-01
severity Low
title RHSA-2007:0257: openssh security and bug fix update (Low)
rpms
  • openssh-0:3.9p1-8.RHEL4.20
  • openssh-askpass-0:3.9p1-8.RHEL4.20
  • openssh-askpass-gnome-0:3.9p1-8.RHEL4.20
  • openssh-clients-0:3.9p1-8.RHEL4.20
  • openssh-debuginfo-0:3.9p1-8.RHEL4.20
  • openssh-server-0:3.9p1-8.RHEL4.20
refmap via4
misc
sco SCOSA-2006.11
secunia
  • 19243
  • 25098
statements via4
contributor Joshua Bressers
lastmodified 2006-09-20
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162681 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 11-10-2017 - 01:30
Published 23-08-2005 - 04:00
Last modified 11-10-2017 - 01:30