Lucene search
HistoryApr 10, 2000 - 4:00 a.m.
CVE-2000-0217
cve-2000-0217
ssh
x forwarding
remote attacker
xauth program
nvd
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.6%
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client’s X sessions via a malicious xauth program.
Affected configurations
Node
openbsdopensshMatch1.2
ORsshsshMatch1.2.0
ORsshsshMatch1.2.1
ORsshsshMatch1.2.2
ORsshsshMatch1.2.3
ORsshsshMatch1.2.4
ORsshsshMatch1.2.5
ORsshsshMatch1.2.6
ORsshsshMatch1.2.7
ORsshsshMatch1.2.8
ORsshsshMatch1.2.9
ORsshsshMatch1.2.10
ORsshsshMatch1.2.11
ORsshsshMatch1.2.12
ORsshsshMatch1.2.13
ORsshsshMatch1.2.14
ORsshsshMatch1.2.15
ORsshsshMatch1.2.16
ORsshsshMatch1.2.17
ORsshsshMatch1.2.18
ORsshsshMatch1.2.19
ORsshsshMatch1.2.20
ORsshsshMatch1.2.21
ORsshsshMatch1.2.22
ORsshsshMatch1.2.23
ORsshsshMatch1.2.24
ORsshsshMatch1.2.25
ORsshsshMatch1.2.26
ORsshsshMatch1.2.27
ORsshsshMatch1.2.28
ORsshsshMatch1.2.29
ORsshsshMatch1.2.30
ORsshsshMatch1.2.31
ORsshssh2Match2.0
ORsshssh2Match2.0.1
ORsshssh2Match2.0.2
ORsshssh2Match2.0.3
ORsshssh2Match2.0.4
ORsshssh2Match2.0.5
ORsshssh2Match2.0.6
ORsshssh2Match2.0.7
ORsshssh2Match2.0.8
ORsshssh2Match2.0.9
ORsshssh2Match2.0.10
ORsshssh2Match2.0.11
ORsshssh2Match2.0.12
References
Related
nvd
nvd
CVE-2000-0217
2000-02-24 05:00:00
nessus
nessus
OpenSSH < 1.2.3 xauth Session Highjacking
2011-10-04 00:00:00
cvelist
cvelist
CVE-2000-0217
2000-04-10 04:00:00
cert
cert
Older SSH clients do not allow users to disable X11 forwarding
2001-01-18 00:00:00
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.6%
Related for CVE-2000-0217