CyberSec.Space Logo
Back to CVE Browser

CVE-2001-1380

HIGH
7.5
CVSS Severity Score
EPSS Score0.0570%
EPSS Percentile5.24th
PublishedOct 18, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

Affected Platforms (CPE)

πŸ“¦
Openbsd

Openssh

<= 2.9.9

References & Advisories

πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
πŸ”— http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
πŸ”— http://marc.info/?l=bugtraq&m=100154541809940&w=2
πŸ”— http://rhn.redhat.com/errata/RHSA-2001-114.html
πŸ”— http://www.ciac.org/ciac/bulletins/m-010.shtml
πŸ”— http://www.kb.cert.org/vuls/id/905795
πŸ”— http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php
πŸ”— http://www.osvdb.org/642

Related Vulnerabilities

CVE-2000-052510.0

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary comma...

CVE-2002-064010.0

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of re...

CVE-1999-066110.0

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP...

CVE-2003-069310.0

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitr...