SA-2023-068 - SSH Sniffing (CVE-2001-0572) - Extreme Networks

Summary

The SSH protocols 1 and 2, as implemented in OpenSSH and other packages, have various weaknesses that can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing; (2) whether RSA or DSA authentication is being used; (3) the number of authorized keys in RSA authentication, or (4) the lengths of shell commands.

Products not listed in the Products Potentially Affected section have not been evaluated. Furthermore, products that have exceeded any software maintenance time periods are also not evaluated and will not be published. Please consult End of Sale and End of Service Life - Extreme Networks for the EOL notices related to the product under question.

Products Potentially Affected

OS/Product	Exposure
200-series	Yes

Repair Recommendations

200-series:

Will not fix

Please see the full security advisory article here for more details and updates.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Extreme Networks

SA-2023-068 - SSH Sniffing (CVE-2001-0572)

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)