Lucene search

[email protected]NVD:CVE-2010-4478

HistoryDec 06, 2010 - 10:30 p.m.

CVE-2010-4478

2010-12-0622:30:31

CWE-287

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

Affected configurations

NVD

Node

openbsdopensshRange≤5.6

openbsdopensshMatch1.2

openbsdopensshMatch1.2.1

openbsdopensshMatch1.2.2

openbsdopensshMatch1.2.3

openbsdopensshMatch1.2.27

openbsdopensshMatch1.3

openbsdopensshMatch1.5

openbsdopensshMatch1.5.7

openbsdopensshMatch1.5.8

openbsdopensshMatch2.1

openbsdopensshMatch2.1.1

openbsdopensshMatch2.2

openbsdopensshMatch2.3

openbsdopensshMatch2.3.1

openbsdopensshMatch2.5

openbsdopensshMatch2.5.1

openbsdopensshMatch2.5.2

openbsdopensshMatch2.9

openbsdopensshMatch2.9.9

openbsdopensshMatch2.9.9p2

openbsdopensshMatch2.9p1

openbsdopensshMatch2.9p2

openbsdopensshMatch3.0

openbsdopensshMatch3.0.1

openbsdopensshMatch3.0.1p1

openbsdopensshMatch3.0.2

openbsdopensshMatch3.0.2p1

openbsdopensshMatch3.0p1

openbsdopensshMatch3.1

openbsdopensshMatch3.1p1

openbsdopensshMatch3.2

openbsdopensshMatch3.2.2

openbsdopensshMatch3.2.2p1

openbsdopensshMatch3.2.3p1

openbsdopensshMatch3.3

openbsdopensshMatch3.3p1

openbsdopensshMatch3.4

openbsdopensshMatch3.4p1

openbsdopensshMatch3.5

openbsdopensshMatch3.5p1

openbsdopensshMatch3.6

openbsdopensshMatch3.6.1

openbsdopensshMatch3.6.1p1

openbsdopensshMatch3.6.1p2

openbsdopensshMatch3.7

openbsdopensshMatch3.7.1

openbsdopensshMatch3.7.1p1

openbsdopensshMatch3.7.1p2

openbsdopensshMatch3.8

openbsdopensshMatch3.8.1

openbsdopensshMatch3.8.1p1

openbsdopensshMatch3.9

openbsdopensshMatch3.9.1

openbsdopensshMatch3.9.1p1

openbsdopensshMatch4.0

openbsdopensshMatch4.0p1

openbsdopensshMatch4.1

openbsdopensshMatch4.1p1

openbsdopensshMatch4.2

openbsdopensshMatch4.2p1

openbsdopensshMatch4.3

openbsdopensshMatch4.3p1

openbsdopensshMatch4.3p2

openbsdopensshMatch4.4

openbsdopensshMatch4.4p1

openbsdopensshMatch4.5

openbsdopensshMatch4.6

openbsdopensshMatch4.7

openbsdopensshMatch4.7p1

openbsdopensshMatch4.8

openbsdopensshMatch4.9

openbsdopensshMatch5.0

openbsdopensshMatch5.1

openbsdopensshMatch5.2

openbsdopensshMatch5.3

openbsdopensshMatch5.4

openbsdopensshMatch5.5

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h

bugzilla.redhat.com/show_bug.cgi?id=659297

github.com/seb-m/jpake

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Related for NVD:CVE-2010-4478

cve2 debiancve2 attackerkb1 ubuntucve2 cvelist2 prion2 f54 openvas13 openssl1 nvd1 nessus10 slackware1 securityvulns1 gentoo2 ibm6 vmware2 lenovo2