CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
92.7%
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.
Vendor | Product | Version | CPE |
---|---|---|---|
apple | mac_os_x_server | 10.4 | cpe:/o:apple:mac_os_x_server:10.4::: |
apple | mac_os_x | 10.4.7 | cpe:/o:apple:mac_os_x:10.4.7::: |
apple | mac_os_x_server | 10.4.3 | cpe:/o:apple:mac_os_x_server:10.4.3::: |
apple | mac_os_x_server | 10.4.5 | cpe:/o:apple:mac_os_x_server:10.4.5::: |
apple | mac_os_x | 10.4.4 | cpe:/o:apple:mac_os_x:10.4.4::: |
apple | mac_os_x | 10.3.9 | cpe:/o:apple:mac_os_x:10.3.9::: |
apple | mac_os_x | 10.4.5 | cpe:/o:apple:mac_os_x:10.4.5::: |
apple | mac_os_x_server | 10.3.9 | cpe:/o:apple:mac_os_x_server:10.3.9::: |
apple | mac_os_x_server | 10.4.4 | cpe:/o:apple:mac_os_x_server:10.4.4::: |
apple | mac_os_x_server | 10.4.8 | cpe:/o:apple:mac_os_x_server:10.4.8::: |
docs.info.apple.com/article.html?artnum=305214
lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
secunia.com/advisories/24479
www.osvdb.org/34850
www.securityfocus.com/bid/22948
www.securitytracker.com/id?1017756
www.us-cert.gov/cas/techalerts/TA07-072A.html
www.vupen.com/english/advisories/2007/0930
exchange.xforce.ibmcloud.com/vulnerabilities/32975