CVE-2001-1474

Description

SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache.

Affected Software
References

Software	From	Fixed in
ssh / ssh	1.2.24	1.2.24.x
ssh / ssh	1.2.25	1.2.25.x
ssh / ssh	1.2.26	1.2.26.x
ssh / ssh	1.2.27	1.2.27.x
ssh / ssh	1.2.28	1.2.28.x
ssh / ssh	1.2.29	1.2.29.x
ssh / ssh	1.2.30	1.2.30.x
ssh / ssh	1.2.31	1.2.31.x

http://www.kb.cert.org/vuls/id/786900
https://exchange.xforce.ibmcloud.com/vulnerabilities/6604

Severity: Medium

CVE: CVE-2001-1474
Published: Jan 18, 2001
Updated: Apr 13, 2023
Exploit:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVE-2001-1474

Description

Details

CVSS v2