CVE-2012-5975
Description
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| linux-kernel | | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ssh | tectia_server | 6.0.4 | |
| ssh | tectia_server | 6.0.5 | |
| ssh | tectia_server | 6.0.6 | |
| ssh | tectia_server | 6.0.7 | |
| ssh | tectia_server | 6.0.8 | |
| ssh | tectia_server | 6.0.9 | |
| ssh | tectia_server | 6.0.10 | |
| ssh | tectia_server | 6.0.11 | |
| ssh | tectia_server | 6.0.12 | |
| ssh | tectia_server | 6.0.13 | |
| ssh | tectia_server | 6.0.14 | |
| ssh | tectia_server | 6.0.17 | |
| ssh | tectia_server | 6.0.18 | |
| ssh | tectia_server | 6.0.19 | |
| ssh | tectia_server | 6.0.20 | |
| ssh | tectia_server | 6.1.0 | |
| ssh | tectia_server | 6.1.1 | |
| ssh | tectia_server | 6.1.2 | |
| ssh | tectia_server | 6.1.3 | |
| ssh | tectia_server | 6.1.4 | |
| ssh | tectia_server | 6.1.5 | |
| ssh | tectia_server | 6.1.6 | |
| ssh | tectia_server | 6.1.7 | |
| ssh | tectia_server | 6.1.8 | |
| ssh | tectia_server | 6.1.9 | |
| ssh | tectia_server | 6.1.12 | |
| ssh | tectia_server | 6.2.0 | |
| ssh | tectia_server | 6.2.1 | |
| ssh | tectia_server | 6.2.2 | |
| ssh | tectia_server | 6.2.3 | |
| ssh | tectia_server | 6.2.4 | |
| ssh | tectia_server | 6.2.5 | |
| ssh | tectia_server | 6.3.0 | |
| ssh | tectia_server | 6.3.1 | |
| ssh | tectia_server | 6.3.2 | |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html
- http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html
- http://www.exploit-db.com/exploits/23082/
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb
CWEs
CWE-287