CVE-2007-0726

high

Description

The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/32975

http://www.vupen.com/english/advisories/2007/0930

http://www.us-cert.gov/cas/techalerts/TA07-072A.html

http://www.securitytracker.com/id?1017756

http://www.securityfocus.com/bid/22948

http://www.osvdb.org/34850

http://secunia.com/advisories/24479

http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

http://docs.info.apple.com/article.html?artnum=305214

Details

Source: Mitre, NVD

Published: 2007-03-13

Updated: 2017-07-29

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High