Launchpad CVE tracker

CVE 2003-0190

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

Related bugs and status

CVE-2003-0190 (Candidate) is related to these bugs:

Bug #10334: timing attack allows attacker to determine valid usernames

Summary				In	Importance	Status
	10334	timing attack allows attacker to determine valid usernames		openssh (Ubuntu)	High	Fix Released
	10334	timing attack allows attacker to determine valid usernames		openssh (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

FULLDISC: 20030430 OpenSSH/PAM t...
MISC: http://lab.mediaservic...
REDHAT: RHSA-2003:222
REDHAT: RHSA-2003:224
TURBO: TLSA-2003-31
BID: 7467
BUGTRAQ: 20030430 OpenSSH/PAM t...
BUGTRAQ: 20030806 [OpenPKG-SA-2...
OVAL: oval:org.mitre.oval:de...
CONFIRM: https://cert-portal.si...

Launchpad.net

CVE 2003-0190

Related bugs and status

Related bugs

References