VAR-200305-0063
Vulnerability from variot - Updated: 2024-03-18 20:58OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. Portable Edition OpenSSH If this setting is PAM If enabled in conjunction with an implementation of OpenSSH When authentication fails, the authentication result is determined depending on the existing username and non-existing username. "Permission denied, please try again." There is a vulnerability where there is a difference in the time it takes to return the .It may be possible to guess whether the username exists or not. The portable version of OpenSSH is reported prone to an information-disclosure vulnerability. The portable version is distributed for operating systems other than its native OpenBSD platform. This issue is related to BID 7467. Reportedly, the previous fix for BID 7467 didn't completely fix the issue. This current issue may involve differing code paths in PAM, resulting in a new vulnerability, but this has not been confirmed. Exploiting this vulnerability allows remote attackers to test for the presence of valid usernames. Knowledge of usernames may aid them in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200305-0063",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openpkg",
"scope": "eq",
"trust": 1.0,
"vendor": "openpkg",
"version": "1.2"
},
{
"model": "openpkg",
"scope": "eq",
"trust": 1.0,
"vendor": "openpkg",
"version": "1.3"
},
{
"model": "scalance x204rna ecc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.7"
},
{
"model": "scalance x204rna",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.7"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.6.1"
},
{
"model": "openssh",
"scope": "lt",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.6.1"
},
{
"model": "red hat linux",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "7.1"
},
{
"model": "openssh",
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat linux",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "7.2"
},
{
"model": "turbolinux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
"version": null
},
{
"model": "red hat linux",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "8.0"
},
{
"model": "red hat linux",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "7.3"
},
{
"model": "red hat linux",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "9"
},
{
"model": "asianux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.6,
"vendor": "suse",
"version": "9"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.6,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.6,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.6,
"vendor": "openssh",
"version": "3.6.1"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.6,
"vendor": "openssh",
"version": "3.5"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.6,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.6,
"vendor": "openssh",
"version": "3.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.6,
"vendor": "openbsd",
"version": "3.4p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.6,
"vendor": "openbsd",
"version": "3.6.1p1"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.9"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.8.1"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.8"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.7.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.7.1"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.7"
},
{
"model": ".1p2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.7"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.7"
},
{
"model": "p2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.6.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.6.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.5"
},
{
"model": "p1-1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.4"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.3"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.3"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.2.3"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.2.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.1"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.0.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.0.2"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.0.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.0.1"
},
{
"model": "p1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.0"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "3.0"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "4.1"
},
{
"model": "linux ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "4.1"
},
{
"model": "linux ia32",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "4.1"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "8.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "7.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "6.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "8.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "7.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "6.5"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "6.1"
},
{
"model": "advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "6.0"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "p2",
"scope": "ne",
"trust": 0.3,
"vendor": "openssh",
"version": "3.6.1"
}
],
"sources": [
{
"db": "BID",
"id": "11781"
},
{
"db": "BID",
"id": "7467"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000136"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-021"
},
{
"db": "NVD",
"id": "CVE-2003-0190"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x204rna_ecc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x204rna_ecc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0190"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marco Ivaldi\u203b raptor@mediaservice.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200305-021"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2003-0190",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0190",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200305-021",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2003-0190",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0190"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000136"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-021"
},
{
"db": "NVD",
"id": "CVE-2003-0190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. Portable Edition OpenSSH If this setting is PAM If enabled in conjunction with an implementation of OpenSSH When authentication fails, the authentication result is determined depending on the existing username and non-existing username. \"Permission denied, please try again.\" There is a vulnerability where there is a difference in the time it takes to return the .It may be possible to guess whether the username exists or not. The portable version of OpenSSH is reported prone to an information-disclosure vulnerability. The portable version is distributed for operating systems other than its native OpenBSD platform. \nThis issue is related to BID 7467. Reportedly, the previous fix for BID 7467 didn\u0027t completely fix the issue. This current issue may involve differing code paths in PAM, resulting in a new vulnerability, but this has not been confirmed. \nExploiting this vulnerability allows remote attackers to test for the presence of valid usernames. Knowledge of usernames may aid them in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0190"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000136"
},
{
"db": "BID",
"id": "11781"
},
{
"db": "BID",
"id": "7467"
},
{
"db": "VULMON",
"id": "CVE-2003-0190"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=26",
"trust": 0.3,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0190"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0190",
"trust": 3.9
},
{
"db": "BID",
"id": "7467",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-412672",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000136",
"trust": 0.8
},
{
"db": "TURBO",
"id": "TLSA-2003-31",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20030430 OPENSSH/PAM TIMING ATTACK ALLOWS REMOTE USERS IDENTIFICATION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030430 OPENSSH/PAM TIMING ATTACK ALLOWS REMOTE USERS IDENTIFICATION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030806 [OPENPKG-SA-2003.035] OPENPKG SECURITY ADVISORY (OPENSSH)",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:224",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:222",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:445",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200305-021",
"trust": 0.6
},
{
"db": "BID",
"id": "11781",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-22-349-21",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "26",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2003-0190",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0190"
},
{
"db": "BID",
"id": "11781"
},
{
"db": "BID",
"id": "7467"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000136"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-021"
},
{
"db": "NVD",
"id": "CVE-2003-0190"
}
]
},
"id": "VAR-200305-0063",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.53838384
},
"last_update_date": "2024-03-18T20:58:00.361000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RHSA-2003",
"trust": 0.8,
"url": "http://www.openbsd.org/"
},
{
"title": "Ubuntu Security Notice: openssh information leakage",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-34-1"
},
{
"title": "https://github.com/octane23/CASE-STUDY-1",
"trust": 0.1,
"url": "https://github.com/octane23/case-study-1 "
},
{
"title": "advisories",
"trust": 0.1,
"url": "https://github.com/0xdea/advisories "
},
{
"title": "exploits",
"trust": 0.1,
"url": "https://github.com/0xdea/exploits "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0190"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000136"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.0
},
{
"problemtype": "Observable discrepancy (CWE-203) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000136"
},
{
"db": "NVD",
"id": "CVE-2003-0190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/7467"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-april/004815.html"
},
{
"trust": 1.7,
"url": "http://lab.mediaservice.net/advisory/2003-01-openssh.txt"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-222.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-224.html"
},
{
"trust": 1.7,
"url": "http://www.turbolinux.com/security/tlsa-2003-31.txt"
},
{
"trust": 1.2,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105172058404810\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=105172058404810\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=106018677302607\u0026w=2"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a445"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0190"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106018677302607\u0026w=2"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:445"
},
{
"trust": 0.3,
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2003-224.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/patches/linux/security.html"
},
{
"trust": 0.3,
"url": "/archive/1/320031"
},
{
"trust": 0.3,
"url": "/archive/1/320302"
},
{
"trust": 0.3,
"url": "/archive/1/320239"
},
{
"trust": 0.3,
"url": "/archive/1/320280"
},
{
"trust": 0.3,
"url": "/archive/1/320276"
},
{
"trust": 0.3,
"url": "/archive/1/320270"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/203.html"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/34-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/26/"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0190"
},
{
"db": "BID",
"id": "7467"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000136"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-021"
},
{
"db": "NVD",
"id": "CVE-2003-0190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2003-0190"
},
{
"db": "BID",
"id": "11781"
},
{
"db": "BID",
"id": "7467"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000136"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-021"
},
{
"db": "NVD",
"id": "CVE-2003-0190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0190"
},
{
"date": "2004-11-30T00:00:00",
"db": "BID",
"id": "11781"
},
{
"date": "2003-04-30T00:00:00",
"db": "BID",
"id": "7467"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000136"
},
{
"date": "2003-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200305-021"
},
{
"date": "2003-05-12T04:00:00",
"db": "NVD",
"id": "CVE-2003-0190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0190"
},
{
"date": "2007-05-08T23:09:00",
"db": "BID",
"id": "11781"
},
{
"date": "2007-02-22T02:36:00",
"db": "BID",
"id": "7467"
},
{
"date": "2024-03-04T01:48:00",
"db": "JVNDB",
"id": "JVNDB-2003-000136"
},
{
"date": "2006-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200305-021"
},
{
"date": "2024-02-15T18:46:16.187000",
"db": "NVD",
"id": "CVE-2003-0190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "11781"
},
{
"db": "BID",
"id": "7467"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSH\u00a0 of \u00a0PAM\u00a0 Vulnerability to timing attack in authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000136"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "11781"
},
{
"db": "BID",
"id": "7467"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-021"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…