Vulnerabilites related to openbsd - openssh
cve-2015-6565
Vulnerability from cvelistv5
Published
2015-08-24 00:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150821 Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/22/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
},
{
"name": "GLSA-201512-04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"name": "1033917",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033917"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "41173",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41173/"
},
{
"name": "[oss-security] 20170126 Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/01/26/2"
},
{
"name": "76497",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76497"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150821 Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/22/1"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085"
},
{
"name": "GLSA-201512-04",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"name": "1033917",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033917"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"url": "http://www.openssh.com/txt/release-7.0"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "41173",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/41173/"
},
{
"name": "[oss-security] 20170126 Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux",
"tags": [
"mailing-list"
],
"url": "http://openwall.com/lists/oss-security/2017/01/26/2"
},
{
"name": "76497",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/76497"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6565",
"datePublished": "2015-08-24T00:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-51384
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T21:08:06.929696",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51384",
"datePublished": "2023-12-18T00:00:00",
"dateReserved": "2023-12-18T00:00:00",
"dateUpdated": "2024-08-02T22:32:09.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1483
Vulnerability from cvelistv5
Published
2008-03-24 23:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1123",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "DSA-1576",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "29554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29554"
},
{
"name": "ADV-2008-1526",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"name": "ADV-2008-1630",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"name": "[security-announce] 20080403 Globus Security Advisory 2008-01: GSI-OpenSSH vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"name": "29686",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29686"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "31531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31531"
},
{
"name": "SSA:2008-095-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "HPSBUX02337",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "openssh-sshd-session-hijacking(41438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"name": "USN-597-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/597-1/"
},
{
"name": "1019235",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"name": "ADV-2008-1624",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "30249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30249"
},
{
"name": "20130220 OpenSSH Forwarded X Connection Session Hijack Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"name": "29735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29735"
},
{
"name": "29683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29683"
},
{
"name": "30361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30361"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "SUSE-SR:2008:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "SSRT080072",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "29721",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29721"
},
{
"name": "ADV-2008-2396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "29522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29522"
},
{
"name": "30086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30086"
},
{
"name": "29939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29939"
},
{
"name": "30347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30347"
},
{
"name": "oval:org.mitre.oval:def:6085",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"name": "ADV-2008-0994",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"name": "1019707",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019707"
},
{
"name": "237444",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"name": "MDVSA-2008:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"name": "29676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29676"
},
{
"name": "29873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29873"
},
{
"name": "29537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29537"
},
{
"name": "29626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29626"
},
{
"name": "20080325 rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"name": "ADV-2008-1448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"name": "NetBSD-SA2008-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"name": "30230",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30230"
},
{
"name": "28444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28444"
},
{
"name": "GLSA-200804-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "FreeBSD-SA-08:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"name": "ADV-2008-1124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1123",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "DSA-1576",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "29554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29554"
},
{
"name": "ADV-2008-1526",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"name": "ADV-2008-1630",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"name": "[security-announce] 20080403 Globus Security Advisory 2008-01: GSI-OpenSSH vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"name": "29686",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29686"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "31531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31531"
},
{
"name": "SSA:2008-095-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "HPSBUX02337",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "openssh-sshd-session-hijacking(41438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"name": "USN-597-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/597-1/"
},
{
"name": "1019235",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"name": "ADV-2008-1624",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "30249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30249"
},
{
"name": "20130220 OpenSSH Forwarded X Connection Session Hijack Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"name": "29735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29735"
},
{
"name": "29683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29683"
},
{
"name": "30361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30361"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "SUSE-SR:2008:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "SSRT080072",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "29721",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29721"
},
{
"name": "ADV-2008-2396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "29522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29522"
},
{
"name": "30086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30086"
},
{
"name": "29939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29939"
},
{
"name": "30347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30347"
},
{
"name": "oval:org.mitre.oval:def:6085",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"name": "ADV-2008-0994",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"name": "1019707",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019707"
},
{
"name": "237444",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"name": "MDVSA-2008:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"name": "29676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29676"
},
{
"name": "29873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29873"
},
{
"name": "29537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29537"
},
{
"name": "29626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29626"
},
{
"name": "20080325 rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"name": "ADV-2008-1448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"name": "NetBSD-SA2008-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"name": "30230",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30230"
},
{
"name": "28444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28444"
},
{
"name": "GLSA-200804-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "FreeBSD-SA-08:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"name": "ADV-2008-1124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1123",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"name": "http://support.attachmate.com/techdocs/2374.html",
"refsource": "CONFIRM",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "DSA-1576",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "29554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29554"
},
{
"name": "ADV-2008-1526",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"name": "ADV-2008-1630",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"name": "[security-announce] 20080403 Globus Security Advisory 2008-01: GSI-OpenSSH vulnerability",
"refsource": "MLIST",
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"name": "29686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29686"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "31531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31531"
},
{
"name": "SSA:2008-095-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "HPSBUX02337",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "openssh-sshd-session-hijacking(41438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"name": "USN-597-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/597-1/"
},
{
"name": "1019235",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-2397",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"name": "ADV-2008-1624",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "30249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30249"
},
{
"name": "20130220 OpenSSH Forwarded X Connection Session Hijack Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"name": "29735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29735"
},
{
"name": "29683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29683"
},
{
"name": "30361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30361"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "SUSE-SR:2008:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "SSRT080072",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "29721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29721"
},
{
"name": "ADV-2008-2396",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "29522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29522"
},
{
"name": "30086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30086"
},
{
"name": "29939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29939"
},
{
"name": "30347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30347"
},
{
"name": "oval:org.mitre.oval:def:6085",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"name": "ADV-2008-0994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"name": "1019707",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019707"
},
{
"name": "237444",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"name": "MDVSA-2008:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"name": "29676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29676"
},
{
"name": "29873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29873"
},
{
"name": "29537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29537"
},
{
"name": "29626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29626"
},
{
"name": "20080325 rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"name": "ADV-2008-1448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"name": "NetBSD-SA2008-005",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"name": "30230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30230"
},
{
"name": "28444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28444"
},
{
"name": "GLSA-200804-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "FreeBSD-SA-08:05",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"name": "ADV-2008-1124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1483",
"datePublished": "2008-03-24T23:00:00",
"dateReserved": "2008-03-24T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4654
Vulnerability from cvelistv5
Published
2007-09-04 22:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/45873 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/3091 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44542 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/478165/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:10.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45873"
},
{
"name": "3091",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3091"
},
{
"name": "cisco-css-sshield-dos(44542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44542"
},
{
"name": "20070830 Cisco CSS WebNS ssh crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/478165/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45873"
},
{
"name": "3091",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3091"
},
{
"name": "cisco-css-sshield-dos(44542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44542"
},
{
"name": "20070830 Cisco CSS WebNS ssh crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/478165/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45873",
"refsource": "OSVDB",
"url": "http://osvdb.org/45873"
},
{
"name": "3091",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3091"
},
{
"name": "cisco-css-sshield-dos(44542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44542"
},
{
"name": "20070830 Cisco CSS WebNS ssh crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478165/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4654",
"datePublished": "2007-09-04T22:00:00",
"dateReserved": "2007-09-04T00:00:00",
"dateUpdated": "2024-08-07T15:01:10.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5107
Vulnerability from cvelistv5
Published
2013-03-07 20:00
Modified
2024-08-07 04:09
Severity ?
EPSS score ?
Summary
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234"
},
{
"name": "RHSA-2013:1591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1591.html"
},
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908707"
},
{
"name": "58162",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156"
},
{
"name": "[oss-security] 20130206 Re: CVE id request: openssh?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/07/3"
},
{
"name": "oval:org.mitre.oval:def:19595",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595"
},
{
"name": "oval:org.mitre.oval:def:19515",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234"
},
{
"name": "RHSA-2013:1591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1591.html"
},
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908707"
},
{
"name": "58162",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156"
},
{
"name": "[oss-security] 20130206 Re: CVE id request: openssh?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/07/3"
},
{
"name": "oval:org.mitre.oval:def:19595",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595"
},
{
"name": "oval:org.mitre.oval:def:19515",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234"
},
{
"name": "RHSA-2013:1591",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1591.html"
},
{
"name": "HPSBMU03409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=908707",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908707"
},
{
"name": "58162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58162"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156"
},
{
"name": "[oss-security] 20130206 Re: CVE id request: openssh?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/07/3"
},
{
"name": "oval:org.mitre.oval:def:19595",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595"
},
{
"name": "oval:org.mitre.oval:def:19515",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5107",
"datePublished": "2013-03-07T20:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:39.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0814
Vulnerability from cvelistv5
Published
2012-01-27 19:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/51702 | vdb-entry, x_refsource_BID | |
| http://openwall.com/lists/oss-security/2012/01/27/4 | mailing-list, x_refsource_MLIST | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2012/01/26/15 | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/78706 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72756 | vdb-entry, x_refsource_XF | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2012/01/26/16 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2012/01/27/1 | mailing-list, x_refsource_MLIST | |
| http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c | x_refsource_CONFIRM | |
| http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51702",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51702"
},
{
"name": "[oss-security] 20120127 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/01/27/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "[oss-security] 20120126 CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/01/26/15"
},
{
"name": "78706",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78706"
},
{
"name": "opensshserver-commands-info-disc(72756)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72756"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445"
},
{
"name": "[oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/01/26/16"
},
{
"name": "[oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/01/27/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51702",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51702"
},
{
"name": "[oss-security] 20120127 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/01/27/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "[oss-security] 20120126 CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/01/26/15"
},
{
"name": "78706",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78706"
},
{
"name": "opensshserver-commands-info-disc(72756)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72756"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445"
},
{
"name": "[oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/01/26/16"
},
{
"name": "[oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/01/27/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0814",
"datePublished": "2012-01-27T19:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0639
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-134",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-134"
},
{
"name": "openssh-challenge-response-bo(9169)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9169.php"
},
{
"name": "20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html"
},
{
"name": "20020626 OpenSSH Security Advisory (adv.iss)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102514371522793\u0026w=2"
},
{
"name": "6245",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6245"
},
{
"name": "CA-2002-18",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-18.html"
},
{
"name": "20020627 How to reproduce OpenSSH Overflow.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102521542826833\u0026w=2"
},
{
"name": "5093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5093"
},
{
"name": "CSSA-2002-030.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt"
},
{
"name": "ESA-20020702-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2177.html"
},
{
"name": "VU#369347",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/369347"
},
{
"name": "CLA-2002:502",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000502"
},
{
"name": "HPSBUX0206-195",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195"
},
{
"name": "MDKSA-2002:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040"
},
{
"name": "20020626 Revised OpenSSH Security Advisory (adv.iss)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102514631524575\u0026w=2"
},
{
"name": "20020626 OpenSSH Remote Challenge Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/RooneyMcNibNug/status/1152332585349111810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-21T14:49:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-134",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-134"
},
{
"name": "openssh-challenge-response-bo(9169)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9169.php"
},
{
"name": "20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html"
},
{
"name": "20020626 OpenSSH Security Advisory (adv.iss)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102514371522793\u0026w=2"
},
{
"name": "6245",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6245"
},
{
"name": "CA-2002-18",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-18.html"
},
{
"name": "20020627 How to reproduce OpenSSH Overflow.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102521542826833\u0026w=2"
},
{
"name": "5093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5093"
},
{
"name": "CSSA-2002-030.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt"
},
{
"name": "ESA-20020702-016",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2177.html"
},
{
"name": "VU#369347",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/369347"
},
{
"name": "CLA-2002:502",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000502"
},
{
"name": "HPSBUX0206-195",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195"
},
{
"name": "MDKSA-2002:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040"
},
{
"name": "20020626 Revised OpenSSH Security Advisory (adv.iss)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102514631524575\u0026w=2"
},
{
"name": "20020626 OpenSSH Remote Challenge Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/RooneyMcNibNug/status/1152332585349111810"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-134",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-134"
},
{
"name": "openssh-challenge-response-bo(9169)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9169.php"
},
{
"name": "20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html"
},
{
"name": "20020626 OpenSSH Security Advisory (adv.iss)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102514371522793\u0026w=2"
},
{
"name": "6245",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6245"
},
{
"name": "CA-2002-18",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-18.html"
},
{
"name": "20020627 How to reproduce OpenSSH Overflow.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102521542826833\u0026w=2"
},
{
"name": "5093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5093"
},
{
"name": "CSSA-2002-030.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt"
},
{
"name": "ESA-20020702-016",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2177.html"
},
{
"name": "VU#369347",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/369347"
},
{
"name": "CLA-2002:502",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000502"
},
{
"name": "HPSBUX0206-195",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195"
},
{
"name": "MDKSA-2002:040",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040"
},
{
"name": "20020626 Revised OpenSSH Security Advisory (adv.iss)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102514631524575\u0026w=2"
},
{
"name": "20020626 OpenSSH Remote Challenge Vulnerability",
"refsource": "ISS",
"url": "https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html"
},
{
"name": "https://twitter.com/RooneyMcNibNug/status/1152332585349111810",
"refsource": "MISC",
"url": "https://twitter.com/RooneyMcNibNug/status/1152332585349111810"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0639",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-06-28T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8325
Vulnerability from cvelistv5
Published
2016-05-01 00:00
Modified
2024-08-06 08:13
Severity ?
EPSS score ?
Summary
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "86187",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/86187"
},
{
"name": "DSA-3550",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3550"
},
{
"tags": [
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012"
},
{
"name": "RHSA-2017:0641",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html"
},
{
"name": "RHSA-2016:2588",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html"
},
{
"name": "1036487",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036487"
},
{
"tags": [
"x_transferred"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2015-8325"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180628-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "86187",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/86187"
},
{
"name": "DSA-3550",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3550"
},
{
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012"
},
{
"name": "RHSA-2017:0641",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html"
},
{
"name": "RHSA-2016:2588",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html"
},
{
"name": "1036487",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036487"
},
{
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2015-8325"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180628-0001/"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8325",
"datePublished": "2016-05-01T00:00:00",
"dateReserved": "2015-11-24T00:00:00",
"dateUpdated": "2024-08-06T08:13:32.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10012
Vulnerability from cvelistv5
Published
2017-01-05 00:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"name": "94975",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94975"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K62201745?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"name": "94975",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/94975"
},
{
"url": "https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9"
},
{
"url": "https://support.f5.com/csp/article/K62201745?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10012",
"datePublished": "2017-01-05T00:00:00",
"dateReserved": "2016-12-19T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15906
Vulnerability from cvelistv5
Published
2017-10-26 00:00
Modified
2024-08-05 20:04
Severity ?
EPSS score ?
Summary
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.6"
},
{
"name": "101552",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101552"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19"
},
{
"name": "GLSA-201801-05",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201801-05"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180423-0004/"
},
{
"name": "RHSA-2018:0980",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0980"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/txt/release-7.6"
},
{
"name": "101552",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/101552"
},
{
"url": "https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19"
},
{
"name": "GLSA-201801-05",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201801-05"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180423-0004/"
},
{
"name": "RHSA-2018:0980",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0980"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15906",
"datePublished": "2017-10-26T00:00:00",
"dateReserved": "2017-10-25T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8858
Vulnerability from cvelistv5
Published
2016-12-09 00:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:01.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93776",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93776"
},
{
"name": "[oss-security] 20161020 Re: Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/20/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180201-0001/"
},
{
"name": "[oss-security] 20161019 CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/19/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126\u0026r2=1.127\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig"
},
{
"name": "FreeBSD-SA-16:33",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc"
},
{
"name": "1037057",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037057"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384860"
},
{
"tags": [
"x_transferred"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127\u0026content-type=text/x-cvsweb-markup"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that \"OpenSSH upstream does not consider this as a security issue.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "93776",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/93776"
},
{
"name": "[oss-security] 20161020 Re: Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/20/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180201-0001/"
},
{
"name": "[oss-security] 20161019 CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/19/3"
},
{
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126\u0026r2=1.127\u0026f=h"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig"
},
{
"name": "FreeBSD-SA-16:33",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc"
},
{
"name": "1037057",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037057"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384860"
},
{
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127\u0026content-type=text/x-cvsweb-markup"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8858",
"datePublished": "2016-12-09T00:00:00",
"dateReserved": "2016-10-19T00:00:00",
"dateUpdated": "2024-08-06T02:35:01.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15919
Vulnerability from cvelistv5
Published
2018-08-28 08:00
Modified
2024-08-05 10:10
Severity ?
EPSS score ?
Summary
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20181221-0001/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105163 | vdb-entry, x_refsource_BID | |
| http://seclists.org/oss-sec/2018/q3/180 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:10:05.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181221-0001/"
},
{
"name": "105163",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105163"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2018/q3/180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states \u0027We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.\u0027"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-22T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181221-0001/"
},
{
"name": "105163",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105163"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/oss-sec/2018/q3/180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states \u0027We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.\u0027"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20181221-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181221-0001/"
},
{
"name": "105163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105163"
},
{
"name": "http://seclists.org/oss-sec/2018/q3/180",
"refsource": "MISC",
"url": "http://seclists.org/oss-sec/2018/q3/180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15919",
"datePublished": "2018-08-28T08:00:00",
"dateReserved": "2018-08-28T00:00:00",
"dateUpdated": "2024-08-05T10:10:05.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-1010
Vulnerability from cvelistv5
Published
2000-04-25 04:00
Modified
2024-08-01 16:55
Severity ?
EPSS score ?
Summary
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=94519142415338&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19991214 sshd1 allows unencrypted sessions regardless of server policy",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=94519142415338\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An SSH 1.2.27 server allows a client to use the \"none\" cipher, even if it is not allowed by the server policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19991214 sshd1 allows unencrypted sessions regardless of server policy",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=94519142415338\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SSH 1.2.27 server allows a client to use the \"none\" cipher, even if it is not allowed by the server policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19991214 sshd1 allows unencrypted sessions regardless of server policy",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=94519142415338\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1010",
"datePublished": "2000-04-25T04:00:00",
"dateReserved": "1999-12-21T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5161
Vulnerability from cvelistv5
Published
2008-11-19 17:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openssh.org/txt/cbc.adv"
},
{
"name": "247186",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"name": "32319",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32319"
},
{
"name": "33121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"name": "49872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49872"
},
{
"name": "33308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33308"
},
{
"name": "RHSA-2009:1287",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"name": "1021382",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021382"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"name": "50036",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50036"
},
{
"name": "32833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32833"
},
{
"name": "36558",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36558"
},
{
"name": "50035",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50035"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/company/news/article/953/"
},
{
"name": "1021235",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021235"
},
{
"name": "34857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34857"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"name": "ADV-2008-3173",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"name": "20081123 Revised: OpenSSH security advisory: cbc.adv",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"name": "openssh-sshtectia-cbc-info-disclosure(46620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"name": "32740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32740"
},
{
"name": "ADV-2009-1135",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"name": "32760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32760"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "1021236",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"name": "HPSBMA02447",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "SSRT090062",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"name": "ADV-2008-3409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"name": "ADV-2008-3172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"name": "oval:org.mitre.oval:def:11279",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
},
{
"name": "20081121 OpenSSH security advisory: cbc.adv",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "VU#958563",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/958563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openssh.org/txt/cbc.adv"
},
{
"name": "247186",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"name": "32319",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32319"
},
{
"name": "33121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"name": "49872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49872"
},
{
"name": "33308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33308"
},
{
"name": "RHSA-2009:1287",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"name": "1021382",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021382"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"name": "50036",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50036"
},
{
"name": "32833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32833"
},
{
"name": "36558",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36558"
},
{
"name": "50035",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50035"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/company/news/article/953/"
},
{
"name": "1021235",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021235"
},
{
"name": "34857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34857"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"name": "ADV-2008-3173",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"name": "20081123 Revised: OpenSSH security advisory: cbc.adv",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"name": "openssh-sshtectia-cbc-info-disclosure(46620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"name": "32740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32740"
},
{
"name": "ADV-2009-1135",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"name": "32760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32760"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "1021236",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"name": "HPSBMA02447",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "SSRT090062",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"name": "ADV-2008-3409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"name": "ADV-2008-3172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"name": "oval:org.mitre.oval:def:11279",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
},
{
"name": "20081121 OpenSSH security advisory: cbc.adv",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "VU#958563",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/958563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openssh.org/txt/cbc.adv",
"refsource": "CONFIRM",
"url": "http://openssh.org/txt/cbc.adv"
},
{
"name": "247186",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"name": "32319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32319"
},
{
"name": "33121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33121"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"name": "49872",
"refsource": "OSVDB",
"url": "http://osvdb.org/49872"
},
{
"name": "33308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33308"
},
{
"name": "RHSA-2009:1287",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"name": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt",
"refsource": "MISC",
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"name": "1021382",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021382"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"name": "50036",
"refsource": "OSVDB",
"url": "http://osvdb.org/50036"
},
{
"name": "32833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32833"
},
{
"name": "36558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36558"
},
{
"name": "50035",
"refsource": "OSVDB",
"url": "http://osvdb.org/50035"
},
{
"name": "http://www.ssh.com/company/news/article/953/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/news/article/953/"
},
{
"name": "1021235",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021235"
},
{
"name": "34857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34857"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm",
"refsource": "MISC",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"name": "http://support.attachmate.com/techdocs/2398.html",
"refsource": "CONFIRM",
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html",
"refsource": "CONFIRM",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"name": "ADV-2008-3173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"name": "20081123 Revised: OpenSSH security advisory: cbc.adv",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"name": "openssh-sshtectia-cbc-info-disclosure(46620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"name": "32740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32740"
},
{
"name": "ADV-2009-1135",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"name": "32760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32760"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "1021236",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021236"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"name": "HPSBMA02447",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"name": "http://isc.sans.org/diary.html?storyid=5366",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "SSRT090062",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"name": "ADV-2008-3409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"name": "ADV-2008-3172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"name": "oval:org.mitre.oval:def:11279",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
},
{
"name": "20081121 OpenSSH security advisory: cbc.adv",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "VU#958563",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/958563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5161",
"datePublished": "2008-11-19T17:00:00",
"dateReserved": "2008-11-19T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16905
Vulnerability from cvelistv5
Published
2019-10-09 00:00
Modified
2025-04-23 15:45
Severity ?
EPSS score ?
Summary
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-04-23T15:45:01.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/releasenotes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/10/09/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5\u0026r2=1.6\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1153537"
},
{
"tags": [
"x_transferred"
],
"url": "https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191024-0003/"
},
{
"name": "GLSA-201911-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201911-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T20:59:26.573Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/releasenotes.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2019/10/09/1"
},
{
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5\u0026r2=1.6\u0026f=h"
},
{
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1153537"
},
{
"url": "https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow"
},
{
"url": "https://security.netapp.com/advisory/ntap-20191024-0003/"
},
{
"name": "GLSA-201911-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201911-01"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16905",
"datePublished": "2019-10-09T00:00:00.000Z",
"dateReserved": "2019-09-26T00:00:00.000Z",
"dateUpdated": "2025-04-23T15:45:01.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10010
Vulnerability from cvelistv5
Published
2017-01-05 00:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94972"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"name": "FreeBSD-SA-17:01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce"
},
{
"name": "40962",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40962/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1010"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/94972"
},
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"name": "FreeBSD-SA-17:01",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"url": "https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce"
},
{
"name": "40962",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40962/"
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1010"
},
{
"url": "http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html"
},
{
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10010",
"datePublished": "2017-01-05T00:00:00",
"dateReserved": "2016-12-19T00:00:00",
"dateUpdated": "2024-08-06T03:07:32.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6515
Vulnerability from cvelistv5
Published
2016-08-07 00:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:20.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03779en_us"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"
},
{
"name": "40888",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40888/"
},
{
"name": "92212",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92212"
},
{
"name": "FreeBSD-SA-17:06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1036487",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036487"
},
{
"name": "FEDORA-2016-4a3debc3a6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2016/08/01/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03779en_us"
},
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0003/"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"
},
{
"url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"
},
{
"name": "40888",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40888/"
},
{
"name": "92212",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/92212"
},
{
"name": "FreeBSD-SA-17:06",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1036487",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036487"
},
{
"name": "FEDORA-2016-4a3debc3a6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released",
"tags": [
"mailing-list"
],
"url": "http://openwall.com/lists/oss-security/2016/08/01/2"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6515",
"datePublished": "2016-08-07T00:00:00",
"dateReserved": "2016-08-01T00:00:00",
"dateUpdated": "2024-08-06T01:29:20.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0539
Vulnerability from cvelistv5
Published
2011-02-10 17:00
Modified
2024-08-06 21:58
Severity ?
EPSS score ?
Summary
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2011/02/04/2 | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id?1025028 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/46155 | vdb-entry, x_refsource_BID | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2011/0284 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/43181 | third-party-advisory, x_refsource_SECUNIA | |
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 | vendor-advisory, x_refsource_HP | |
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 | vendor-advisory, x_refsource_HP | |
| http://secunia.com/advisories/44269 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openssh.com/txt/legacy-cert.adv | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65163 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:25.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110204 Re: [vendor-sec] OpenSSH security advisory: legacy certificate signing in 5.6/5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/02/04/2"
},
{
"name": "1025028",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025028"
},
{
"name": "46155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46155"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "ADV-2011-0284",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0284"
},
{
"name": "43181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43181"
},
{
"name": "HPSBMA02658",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
},
{
"name": "SSRT100413",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
},
{
"name": "44269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44269"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.com/txt/legacy-cert.adv"
},
{
"name": "openssh-certificate-info-disclosure(65163)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110204 Re: [vendor-sec] OpenSSH security advisory: legacy certificate signing in 5.6/5.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/02/04/2"
},
{
"name": "1025028",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025028"
},
{
"name": "46155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46155"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "ADV-2011-0284",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0284"
},
{
"name": "43181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43181"
},
{
"name": "HPSBMA02658",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
},
{
"name": "SSRT100413",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
},
{
"name": "44269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44269"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.com/txt/legacy-cert.adv"
},
{
"name": "openssh-certificate-info-disclosure(65163)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65163"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0539",
"datePublished": "2011-02-10T17:00:00",
"dateReserved": "2011-01-20T00:00:00",
"dateUpdated": "2024-08-06T21:58:25.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-26466
Vulnerability from cvelistv5
Published
2025-02-28 21:25
Modified
2025-04-10 23:10
Severity ?
EPSS score ?
Summary
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2025-26466 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2345043 | issue-tracking, x_refsource_REDHAT | |
| https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 9.5p1 < |
||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-05T03:48:43.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250228-0002/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/02/18/1"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/02/18/4"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1237041"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-26466"
},
{
"url": "https://ubuntu.com/security/CVE-2025-26466"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26466",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:51:35.555196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:51:39.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.openssh.com/",
"defaultStatus": "unaffected",
"packageName": "OpenSSH",
"repo": "https://anongit.mindrot.org/openssh.git",
"versions": [
{
"lessThanOrEqual": "9.9p1",
"status": "affected",
"version": "9.5p1",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T23:10:06.357Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26466"
},
{
"name": "RHBZ#2345043",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345043"
},
{
"url": "https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-11T19:51:30.375000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-18T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Openssh: denial-of-service in openssh",
"workarounds": [
{
"lang": "en",
"value": "This issue can be mitigated by setting the following three different options in the sshd configuration file located at: /etc/ssh/sshd_config\n\nMaxStartups: Set to a reasonable value, this option controls the maximum number of concurrent unauthenticated connections the SSH server accepts;\n\nPerSourcePenalties: Set its suboptions to a reasonable value, this option is used to help sshd to detect and drop connections that are potentially malicious for the SSH server;\n\nLoginGraceTime: Set to a resonable value, this option controls how much time the SSH server will wait the client to authenticate before dropping its connection;\n\nAll the three option above needs to be set to implement a full mitigation for this vulnerability."
}
],
"x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26466",
"datePublished": "2025-02-28T21:25:28.861Z",
"dateReserved": "2025-02-10T18:31:47.979Z",
"dateUpdated": "2025-04-10T23:10:06.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0992
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:37
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5312 | vdb-entry, x_refsource_XF | |
| http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:057 | vendor-advisory, x_refsource_MANDRAKE | |
| http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1742 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:32.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "scp-overwrite-files(5312)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5312"
},
{
"name": "MDKSA-2000:057",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:057"
},
{
"name": "20000930 scp file transfer hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html"
},
{
"name": "1742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "scp-overwrite-files(5312)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5312"
},
{
"name": "MDKSA-2000:057",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:057"
},
{
"name": "20000930 scp file transfer hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html"
},
{
"name": "1742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "scp-overwrite-files(5312)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5312"
},
{
"name": "MDKSA-2000:057",
"refsource": "MANDRAKE",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:057"
},
{
"name": "20000930 scp file transfer hole",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html"
},
{
"name": "1742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0992",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:32.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14145
Vulnerability from cvelistv5
Published
2020-06-29 17:33
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 | x_refsource_MISC | |
| https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200709-0004/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2020/12/02/1 | mailing-list, x_refsource_MLIST | |
| https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d | x_refsource_MISC | |
| https://docs.ssh-mitm.at/CVE-2020-14145.html | x_refsource_MISC | |
| https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202105-35 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200709-0004/"
},
{
"name": "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/02/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.ssh-mitm.at/CVE-2020-14145.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T13:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200709-0004/"
},
{
"name": "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/02/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.ssh-mitm.at/CVE-2020-14145.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1"
},
{
"name": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/",
"refsource": "MISC",
"url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200709-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200709-0004/"
},
{
"name": "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/02/1"
},
{
"name": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
"refsource": "MISC",
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d"
},
{
"name": "https://docs.ssh-mitm.at/CVE-2020-14145.html",
"refsource": "MISC",
"url": "https://docs.ssh-mitm.at/CVE-2020-14145.html"
},
{
"name": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
"refsource": "MISC",
"url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py"
},
{
"name": "GLSA-202105-35",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14145",
"datePublished": "2020-06-29T17:33:36",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38408
Vulnerability from cvelistv5
Published
2023-07-20 00:00
Modified
2024-10-15 18:33
Severity ?
EPSS score ?
Summary
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=36790196"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.3p2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/security.html"
},
{
"name": "GLSA-202307-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202307-01"
},
{
"name": "[oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1"
},
{
"name": "[oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
},
{
"name": "FEDORA-2023-878e04f4ae",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/"
},
{
"name": "FEDORA-2023-79a18e1725",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230803-0010/"
},
{
"name": "[debian-lts-announce] 20230817 [SECURITY] [DLA 3532-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html"
},
{
"name": "[oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
},
{
"name": "[oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213940"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-38408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:36:21.400489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:33:21.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T05:50:59.479313",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://news.ycombinator.com/item?id=36790196"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent"
},
{
"url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt"
},
{
"url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca"
},
{
"url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8"
},
{
"url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d"
},
{
"url": "https://www.openssh.com/txt/release-9.3p2"
},
{
"url": "https://www.openssh.com/security.html"
},
{
"name": "GLSA-202307-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202307-01"
},
{
"name": "[oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1"
},
{
"name": "[oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/2"
},
{
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
},
{
"name": "FEDORA-2023-878e04f4ae",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/"
},
{
"name": "FEDORA-2023-79a18e1725",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230803-0010/"
},
{
"name": "[debian-lts-announce] 20230817 [SECURITY] [DLA 3532-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html"
},
{
"name": "[oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
},
{
"name": "[oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
},
{
"url": "https://support.apple.com/kb/HT213940"
},
{
"url": "https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38408",
"datePublished": "2023-07-20T00:00:00",
"dateReserved": "2023-07-17T00:00:00",
"dateUpdated": "2024-10-15T18:33:21.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0816
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01 | vendor-advisory, x_refsource_IMMUNIX | |
| http://www.redhat.com/support/errata/RHSA-2001-154.html | vendor-advisory, x_refsource_REDHAT | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431 | vendor-advisory, x_refsource_CONECTIVA | |
| http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7634 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/5536 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IMNX-2001-70-034-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"name": "RHSA-2001:154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-154.html"
},
{
"name": "CLSA-2001:431",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
},
{
"name": "20010918 OpenSSH: sftp \u0026 bypassing keypair auth restrictions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html"
},
{
"name": "openssh-sftp-bypass-restrictions(7634)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7634"
},
{
"name": "5536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "IMNX-2001-70-034-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"name": "RHSA-2001:154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-154.html"
},
{
"name": "CLSA-2001:431",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
},
{
"name": "20010918 OpenSSH: sftp \u0026 bypassing keypair auth restrictions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html"
},
{
"name": "openssh-sftp-bypass-restrictions(7634)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7634"
},
{
"name": "5536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IMNX-2001-70-034-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"name": "RHSA-2001:154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-154.html"
},
{
"name": "CLSA-2001:431",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
},
{
"name": "20010918 OpenSSH: sftp \u0026 bypassing keypair auth restrictions",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html"
},
{
"name": "openssh-sftp-bypass-restrictions(7634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7634"
},
{
"name": "5536",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0816",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-11-13T00:00:00",
"dateUpdated": "2024-08-08T04:37:06.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0695
Vulnerability from cvelistv5
Published
2003-09-18 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:11.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"name": "DSA-383",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"name": "RHSA-2003:280",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=106375582924840"
},
{
"name": "CLA-2003:741",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000741"
},
{
"name": "2003-0033",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381396120332\u0026w=2"
},
{
"name": "DSA-382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"name": "MDKSA-2003:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"name": "oval:org.mitre.oval:def:452",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A452"
},
{
"name": "RHSA-2003:279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"name": "20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106382542403716\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple \"buffer management errors\" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"name": "DSA-383",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"name": "RHSA-2003:280",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=106375582924840"
},
{
"name": "CLA-2003:741",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000741"
},
{
"name": "2003-0033",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381396120332\u0026w=2"
},
{
"name": "DSA-382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"name": "MDKSA-2003:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"name": "oval:org.mitre.oval:def:452",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A452"
},
{
"name": "RHSA-2003:279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"name": "20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106382542403716\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple \"buffer management errors\" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"name": "DSA-383",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"name": "http://www.openssh.com/txt/buffer.adv",
"refsource": "CONFIRM",
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"name": "RHSA-2003:280",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"name": "http://marc.info/?l=openbsd-security-announce\u0026m=106375582924840",
"refsource": "MISC",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=106375582924840"
},
{
"name": "CLA-2003:741",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000741"
},
{
"name": "2003-0033",
"refsource": "TRUSTIX",
"url": "http://marc.info/?l=bugtraq\u0026m=106381396120332\u0026w=2"
},
{
"name": "DSA-382",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"name": "MDKSA-2003:090",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"name": "oval:org.mitre.oval:def:452",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A452"
},
{
"name": "RHSA-2003:279",
"refsource": "REDHAT",
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"name": "20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106382542403716\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0695",
"datePublished": "2003-09-18T04:00:00",
"dateReserved": "2003-08-14T00:00:00",
"dateUpdated": "2024-08-08T02:05:11.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5052
Vulnerability from cvelistv5
Published
2006-09-27 23:00
Modified
2024-08-07 19:32
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:23.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20245",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20245"
},
{
"name": "20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openssh.org/txt/release-4.4"
},
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "GLSA-200611-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"name": "SUSE-SA:2006:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "29266",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29266"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "27588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-681"
},
{
"name": "1016939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016939"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"name": "oval:org.mitre.oval:def:10178",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10178"
},
{
"name": "openssh-gssapi-user-enumeration(29255)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29255"
},
{
"name": "22495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22495"
},
{
"name": "22823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22823"
},
{
"name": "SSA:2006-272-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"name": "RHSA-2007:0703",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"name": "RHSA-2006:0697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0697.html"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "28320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28320"
},
{
"name": "22173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22173"
},
{
"name": "RHSA-2007:0540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"name": "22158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22158"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI \"authentication abort.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20245",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20245"
},
{
"name": "20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openssh.org/txt/release-4.4"
},
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "GLSA-200611-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"name": "SUSE-SA:2006:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "29266",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29266"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "27588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-681"
},
{
"name": "1016939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016939"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"name": "oval:org.mitre.oval:def:10178",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10178"
},
{
"name": "openssh-gssapi-user-enumeration(29255)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29255"
},
{
"name": "22495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22495"
},
{
"name": "22823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22823"
},
{
"name": "SSA:2006-272-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"name": "RHSA-2007:0703",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"name": "RHSA-2006:0697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0697.html"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "28320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28320"
},
{
"name": "22173",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22173"
},
{
"name": "RHSA-2007:0540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"name": "22158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22158"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24479"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-5052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI \"authentication abort.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20245"
},
{
"name": "20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"name": "http://openssh.org/txt/release-4.4",
"refsource": "CONFIRM",
"url": "http://openssh.org/txt/release-4.4"
},
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "GLSA-200611-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"name": "SUSE-SA:2006:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "29266",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29266"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "27588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27588"
},
{
"name": "https://issues.rpath.com/browse/RPL-681",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-681"
},
{
"name": "1016939",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016939"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"name": "oval:org.mitre.oval:def:10178",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10178"
},
{
"name": "openssh-gssapi-user-enumeration(29255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29255"
},
{
"name": "22495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22495"
},
{
"name": "22823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22823"
},
{
"name": "SSA:2006-272-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
"refsource": "MLIST",
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"name": "RHSA-2007:0703",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"name": "RHSA-2006:0697",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0697.html"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "28320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28320"
},
{
"name": "22173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22173"
},
{
"name": "RHSA-2007:0540",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"name": "22158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22158"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-5052",
"datePublished": "2006-09-27T23:00:00",
"dateReserved": "2006-09-27T00:00:00",
"dateUpdated": "2024-08-07T19:32:23.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5352
Vulnerability from cvelistv5
Published
2015-08-03 00:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2710-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2710-2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181023-0001/"
},
{
"name": "GLSA-201512-04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"tags": [
"x_transferred"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9\u0026id=1bf477d3cdf1a864646d59820878783d42357a1d"
},
{
"name": "[oss-security] 20150701 Re: CVE Request: two security issues in openSSH 6.9",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/07/01/10"
},
{
"name": "RHSA-2016:0741",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
},
{
"name": "75525",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75525"
},
{
"name": "1032797",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032797"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-6.9"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "USN-2710-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2710-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2710-2",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2710-2"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20181023-0001/"
},
{
"name": "GLSA-201512-04",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"url": "https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9\u0026id=1bf477d3cdf1a864646d59820878783d42357a1d"
},
{
"name": "[oss-security] 20150701 Re: CVE Request: two security issues in openSSH 6.9",
"tags": [
"mailing-list"
],
"url": "http://openwall.com/lists/oss-security/2015/07/01/10"
},
{
"name": "RHSA-2016:0741",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
},
{
"name": "75525",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/75525"
},
{
"name": "1032797",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032797"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"url": "http://www.openssh.com/txt/release-6.9"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "USN-2710-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2710-1"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5352",
"datePublished": "2015-08-03T00:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-48795
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2025-05-14 19:34
Severity ?
EPSS score ?
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-14T19:34:00.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.paramiko.org/changelog.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/openbsd.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.terrapin-attack.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"tags": [
"x_transferred"
],
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/920280"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"tags": [
"x_transferred"
],
"url": "https://crates.io/crates/thrussh/versions"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"tags": [
"x_transferred"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://nova.app/releases/#v11.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"tags": [
"x_transferred"
],
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": ""
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T03:55:20.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:06:23.972Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"url": "https://www.paramiko.org/changelog.html"
},
{
"url": "https://www.openssh.com/openbsd.html"
},
{
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"url": "https://www.terrapin-attack.com"
},
{
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"url": "https://bugs.gentoo.org/920280"
},
{
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"url": "https://crates.io/crates/thrussh/versions"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"url": "https://filezilla-project.org/versions.php"
},
{
"url": "https://nova.app/releases/#v11.8"
},
{
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48795",
"datePublished": "2023-12-18T00:00:00.000Z",
"dateReserved": "2023-11-20T00:00:00.000Z",
"dateUpdated": "2025-05-14T19:34:00.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0693
Vulnerability from cvelistv5
Published
2003-09-17 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:11.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1000620",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1"
},
{
"name": "20030915 new ssh exploit?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html"
},
{
"name": "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"name": "openssh-packet-bo(13191)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13191"
},
{
"name": "DSA-383",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"name": "20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106374466212309\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"name": "RHSA-2003:280",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"name": "CA-2003-24",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-24.html"
},
{
"name": "20030915 openssh remote exploit",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html"
},
{
"name": "oval:org.mitre.oval:def:2719",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719"
},
{
"name": "2003-0033",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381396120332\u0026w=2"
},
{
"name": "20030916 The lowdown on SSH vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html"
},
{
"name": "DSA-382",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"name": "20030916 OpenSSH Buffer Management Bug Advisory",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106373247528528\u0026w=2"
},
{
"name": "MDKSA-2003:090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"name": "oval:org.mitre.oval:def:447",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447"
},
{
"name": "RHSA-2003:279",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"name": "VU#333628",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/333628"
},
{
"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A \"buffer management error\" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T10:06:03.064539",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1000620",
"tags": [
"vendor-advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1"
},
{
"name": "20030915 new ssh exploit?",
"tags": [
"mailing-list"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html"
},
{
"name": "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"name": "openssh-packet-bo(13191)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13191"
},
{
"name": "DSA-383",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"name": "20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106374466212309\u0026w=2"
},
{
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"name": "RHSA-2003:280",
"tags": [
"vendor-advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"name": "CA-2003-24",
"tags": [
"third-party-advisory"
],
"url": "http://www.cert.org/advisories/CA-2003-24.html"
},
{
"name": "20030915 openssh remote exploit",
"tags": [
"mailing-list"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html"
},
{
"name": "oval:org.mitre.oval:def:2719",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719"
},
{
"name": "2003-0033",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381396120332\u0026w=2"
},
{
"name": "20030916 The lowdown on SSH vulnerability",
"tags": [
"mailing-list"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html"
},
{
"name": "DSA-382",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"name": "20030916 OpenSSH Buffer Management Bug Advisory",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106373247528528\u0026w=2"
},
{
"name": "MDKSA-2003:090",
"tags": [
"vendor-advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"name": "oval:org.mitre.oval:def:447",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447"
},
{
"name": "RHSA-2003:279",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"name": "VU#333628",
"tags": [
"third-party-advisory"
],
"url": "http://www.kb.cert.org/vuls/id/333628"
},
{
"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0693",
"datePublished": "2003-09-17T04:00:00",
"dateReserved": "2003-08-14T00:00:00",
"dateUpdated": "2024-08-08T02:05:11.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0682
Vulnerability from cvelistv5
Published
2003-09-18 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106381409220492&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.debian.org/security/2003/dsa-383 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.redhat.com/support/errata/RHSA-2003-280.html | vendor-advisory, x_refsource_REDHAT | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.debian.org/security/2003/dsa-382 | vendor-advisory, x_refsource_DEBIAN | |
| http://marc.info/?l=bugtraq&m=106373546332230&w=2 | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:11.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"name": "DSA-383",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"name": "RHSA-2003:280",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"name": "CLA-2003:741",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000741"
},
{
"name": "DSA-382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"name": "RHSA-2003:279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:446",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "\"Memory bugs\" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"name": "DSA-383",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"name": "RHSA-2003:280",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"name": "CLA-2003:741",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000741"
},
{
"name": "DSA-382",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"name": "RHSA-2003:279",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:446",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"Memory bugs\" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"name": "DSA-383",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"name": "RHSA-2003:280",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"name": "CLA-2003:741",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000741"
},
{
"name": "DSA-382",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"name": "RHSA-2003:279",
"refsource": "REDHAT",
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:446",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0682",
"datePublished": "2003-09-18T04:00:00",
"dateReserved": "2003-08-13T00:00:00",
"dateUpdated": "2024-08-08T02:05:11.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1653
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=109413637313484&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17213 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1011143 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/9562 | vdb-entry, x_refsource_OSVDB | |
| https://security.netapp.com/advisory/ntap-20191107-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:36.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040831 SSHD / AnonCVS Nastyness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109413637313484\u0026w=2"
},
{
"name": "openssh-port-bounce(17213)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17213"
},
{
"name": "1011143",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011143"
},
{
"name": "9562",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191107-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T09:06:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040831 SSHD / AnonCVS Nastyness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109413637313484\u0026w=2"
},
{
"name": "openssh-port-bounce(17213)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17213"
},
{
"name": "1011143",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011143"
},
{
"name": "9562",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191107-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040831 SSHD / AnonCVS Nastyness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109413637313484\u0026w=2"
},
{
"name": "openssh-port-bounce(17213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17213"
},
{
"name": "1011143",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011143"
},
{
"name": "9562",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9562"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191107-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191107-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1653",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-21T00:00:00",
"dateUpdated": "2024-08-08T01:00:36.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-6387
Vulnerability from cvelistv5
Published
2024-07-01 12:37
Modified
2025-05-21 18:20
Severity ?
EPSS score ?
Summary
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:4312 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4340 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4389 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4469 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4474 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4479 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4484 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-6387 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2294604 | issue-tracking, x_refsource_REDHAT | |
| https://santandersecurityresearch.github.io/blog/sshing_the_masses.html | ||
| https://www.openssh.com/txt/release-9.8 | ||
| https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 8.5p1 < |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T13:18:34.695298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T13:18:46.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-24T18:35:27.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387"
},
{
"url": "https://www.exploit-db.com/exploits/52269"
},
{
"url": "https://packetstorm.news/files/id/190587/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/02/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/11"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/04/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/04/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/08/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/08/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/11/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
},
{
"name": "RHSA-2024:4312",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4312"
},
{
"name": "RHSA-2024:4340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4340"
},
{
"name": "RHSA-2024:4389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4389"
},
{
"name": "RHSA-2024:4469",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4469"
},
{
"name": "RHSA-2024:4474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4474"
},
{
"name": "RHSA-2024:4479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4479"
},
{
"name": "RHSA-2024:4484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4484"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6387"
},
{
"tags": [
"x_transferred"
],
"url": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server"
},
{
"name": "RHBZ#2294604",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
},
{
"tags": [
"x_transferred"
],
"url": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.vmssoftware.com/viewtopic.php?f=8\u0026t=9132"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AlmaLinux/updates/issues/629"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/AKS/issues/4379"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/microsoft/azurelinux/issues/9555"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/oracle/oracle-linux/issues/149"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapier1/hpn-ssh/issues/87"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zgzhang/cve-2024-6387-poc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40843778"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010"
},
{
"tags": [
"x_transferred"
],
"url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2024-6387"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240701-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://sig-security.rocky.page/issues/CVE-2024-6387/"
},
{
"tags": [
"x_transferred"
],
"url": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2024-6387"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-6859-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2024-6387.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2024/07/01/regresshion_openssh/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214118"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214120"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.openssh.com/",
"defaultStatus": "unaffected",
"packageName": "OpenSSH",
"repo": "https://anongit.mindrot.org/openssh.git",
"versions": [
{
"lessThanOrEqual": "9.7p1",
"status": "affected",
"version": "8.5p1",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-38.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-38.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.0::baseos",
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-12.el9_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.2::baseos",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-30.el9_2.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9",
"cpe:/a:redhat:openshift:4.13::el8"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "413.92.202407091321-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.14::el8",
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "414.92.202407091253-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9",
"cpe:/a:redhat:openshift:4.15::el8"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "415.92.202407091355-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "416.94.202407081958-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ceph_storage:5"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Ceph Storage 5",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ceph_storage:6"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Ceph Storage 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ceph_storage:7"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Ceph Storage 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue."
}
],
"datePublic": "2024-07-01T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-364",
"description": "Signal Handler Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T18:20:20.790Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:4312",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4312"
},
{
"name": "RHSA-2024:4340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4340"
},
{
"name": "RHSA-2024:4389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4389"
},
{
"name": "RHSA-2024:4469",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4469"
},
{
"name": "RHSA-2024:4474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4474"
},
{
"name": "RHSA-2024:4479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4479"
},
{
"name": "RHSA-2024:4484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4484"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6387"
},
{
"name": "RHBZ#2294604",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
},
{
"url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"
},
{
"url": "https://www.openssh.com/txt/release-9.8"
},
{
"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-07-01T08:00:00+00:00",
"value": "Made public."
}
],
"title": "Openssh: regresshion - race condition in ssh allows rce/dos",
"workarounds": [
{
"lang": "en",
"value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server\u0027s ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like \u0027fail2ban\u0027 alongside a firewall to monitor log files and manage connections appropriately.\n\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed."
}
],
"x_redhatCweChain": "CWE-364: Signal Handler Race Condition"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-6387",
"datePublished": "2024-07-01T12:37:25.431Z",
"dateReserved": "2024-06-27T13:41:03.421Z",
"dateUpdated": "2025-05-21T18:20:20.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-32728
Vulnerability from cvelistv5
Published
2025-04-10 00:00
Modified
2025-05-08 13:11
Severity ?
EPSS score ?
Summary
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T18:35:34.531350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T18:35:46.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-08T13:11:19.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSH",
"vendor": "OpenBSD",
"versions": [
{
"lessThan": "10.0",
"status": "affected",
"version": "7.4",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0",
"versionStartIncluding": "7.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440 Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T01:40:34.658Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html"
},
{
"url": "https://www.openssh.com/txt/release-10.0"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig"
},
{
"url": "https://www.openssh.com/txt/release-7.4"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32728",
"datePublished": "2025-04-10T00:00:00.000Z",
"dateReserved": "2025-04-10T00:00:00.000Z",
"dateUpdated": "2025-05-08T13:11:19.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4327
Vulnerability from cvelistv5
Published
2014-02-03 02:00
Modified
2024-08-07 00:01
Severity ?
EPSS score ?
Summary
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openssh.com/txt/portable-keysign-rand-helper.adv | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=755640 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.com/txt/portable-keysign-rand-helper.adv"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=755640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-03T02:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.com/txt/portable-keysign-rand-helper.adv"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=755640"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4327",
"datePublished": "2014-02-03T02:00:00",
"dateReserved": "2011-11-04T00:00:00",
"dateUpdated": "2024-08-07T00:01:51.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0872
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2001:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092"
},
{
"name": "HPSBUX0112-005",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005"
},
{
"name": "openssh-uselogin-execute-code(7647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7647"
},
{
"name": "CSSA-2001-042.1",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt"
},
{
"name": "688",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/688"
},
{
"name": "DSA-091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-091"
},
{
"name": "20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100749779131514\u0026w=2"
},
{
"name": "VU#157447",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/157447"
},
{
"name": "RHSA-2001:161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-161.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=100747128105913\u0026w=2"
},
{
"name": "3614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3614"
},
{
"name": "SuSE-SA:2001:045",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html"
},
{
"name": "CLA-2001:446",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000446"
},
{
"name": "M-026",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/m-026.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-28T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2001:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092"
},
{
"name": "HPSBUX0112-005",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005"
},
{
"name": "openssh-uselogin-execute-code(7647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7647"
},
{
"name": "CSSA-2001-042.1",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt"
},
{
"name": "688",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/688"
},
{
"name": "DSA-091",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-091"
},
{
"name": "20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100749779131514\u0026w=2"
},
{
"name": "VU#157447",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/157447"
},
{
"name": "RHSA-2001:161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-161.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=100747128105913\u0026w=2"
},
{
"name": "3614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3614"
},
{
"name": "SuSE-SA:2001:045",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html"
},
{
"name": "CLA-2001:446",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000446"
},
{
"name": "M-026",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/m-026.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2001:092",
"refsource": "MANDRAKE",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092"
},
{
"name": "HPSBUX0112-005",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005"
},
{
"name": "openssh-uselogin-execute-code(7647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7647"
},
{
"name": "CSSA-2001-042.1",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt"
},
{
"name": "688",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/688"
},
{
"name": "DSA-091",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-091"
},
{
"name": "20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100749779131514\u0026w=2"
},
{
"name": "VU#157447",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/157447"
},
{
"name": "RHSA-2001:161",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-161.html"
},
{
"name": "http://marc.info/?l=openssh-unix-dev\u0026m=100747128105913\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=100747128105913\u0026w=2"
},
{
"name": "3614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3614"
},
{
"name": "SuSE-SA:2001:045",
"refsource": "SUSE",
"url": "http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html"
},
{
"name": "CLA-2001:446",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000446"
},
{
"name": "M-026",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-026.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0872",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2001-12-03T00:00:00",
"dateUpdated": "2024-08-08T04:37:06.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2653
Vulnerability from cvelistv5
Published
2014-03-27 10:00
Modified
2024-08-06 10:21
Severity ?
EPSS score ?
Summary
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2164-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2164-1"
},
{
"name": "59855",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59855"
},
{
"name": "RHSA-2015:0425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0166.html"
},
{
"name": "HPSBUX03188",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "66459",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66459"
},
{
"name": "MDVSA-2015:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"
},
{
"name": "[oss-security] 20140326 CVE request: openssh client does not check SSHFP if server offers certificate",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/03/26/7"
},
{
"name": "FEDORA-2014-6380",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"
},
{
"name": "DSA-2894",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2894"
},
{
"name": "RHSA-2014:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"
},
{
"name": "FEDORA-2014-6569",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"
},
{
"name": "MDVSA-2014:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2164-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2164-1"
},
{
"name": "59855",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59855"
},
{
"name": "RHSA-2015:0425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0166.html"
},
{
"name": "HPSBUX03188",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "66459",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66459"
},
{
"name": "MDVSA-2015:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"
},
{
"name": "[oss-security] 20140326 CVE request: openssh client does not check SSHFP if server offers certificate",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/03/26/7"
},
{
"name": "FEDORA-2014-6380",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"
},
{
"name": "DSA-2894",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2894"
},
{
"name": "RHSA-2014:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"
},
{
"name": "FEDORA-2014-6569",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"
},
{
"name": "MDVSA-2014:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2164-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2164-1"
},
{
"name": "59855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59855"
},
{
"name": "RHSA-2015:0425",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0166.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0166.html"
},
{
"name": "HPSBUX03188",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "66459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66459"
},
{
"name": "MDVSA-2015:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"
},
{
"name": "[oss-security] 20140326 CVE request: openssh client does not check SSHFP if server offers certificate",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/03/26/7"
},
{
"name": "FEDORA-2014-6380",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"
},
{
"name": "DSA-2894",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2894"
},
{
"name": "RHSA-2014:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"
},
{
"name": "FEDORA-2014-6569",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"
},
{
"name": "MDVSA-2014:068",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2653",
"datePublished": "2014-03-27T10:00:00",
"dateReserved": "2014-03-26T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1692
Vulnerability from cvelistv5
Published
2014-01-29 15:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=144050155601375&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=141576985122836&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=141576985122836&w=2 | vendor-advisory, x_refsource_HP | |
| http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h | x_refsource_MISC | |
| http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10 | x_refsource_MISC | |
| http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2014/01/29/2 | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/102611 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/60184 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/65230 | vdb-entry, x_refsource_BID | |
| http://openwall.com/lists/oss-security/2014/01/29/10 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90819 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "HPSBUX03188",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637"
},
{
"name": "[oss-security] 20140128 OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/01/29/2"
},
{
"name": "102611",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102611"
},
{
"name": "60184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60184"
},
{
"name": "65230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65230"
},
{
"name": "[oss-security] 20140129 Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/01/29/10"
},
{
"name": "openssh-cve20141692-code-exec(90819)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90819"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "HPSBUX03188",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637"
},
{
"name": "[oss-security] 20140128 OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/01/29/2"
},
{
"name": "102611",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102611"
},
{
"name": "60184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60184"
},
{
"name": "65230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65230"
},
{
"name": "[oss-security] 20140129 Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/01/29/10"
},
{
"name": "openssh-cve20141692-code-exec(90819)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90819"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-1692",
"datePublished": "2014-01-29T15:00:00",
"dateReserved": "2014-01-29T00:00:00",
"dateUpdated": "2024-08-06T09:50:11.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1459
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/2917 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/797027 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=99324968918628&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6757 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2917"
},
{
"name": "VU#797027",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/797027"
},
{
"name": "20010619 pam session",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99324968918628\u0026w=2"
},
{
"name": "openssh-rsh-bypass-pam(6757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2917"
},
{
"name": "VU#797027",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/797027"
},
{
"name": "20010619 pam session",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99324968918628\u0026w=2"
},
{
"name": "openssh-rsh-bypass-pam(6757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2917"
},
{
"name": "VU#797027",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/797027"
},
{
"name": "20010619 pam session",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=99324968918628\u0026w=2"
},
{
"name": "openssh-rsh-bypass-pam(6757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1459",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-04-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-1169
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:45
Severity ?
EPSS score ?
Summary
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html | vendor-advisory, x_refsource_SUSE | |
| http://www.redhat.com/support/errata/RHSA-2000-111.html | vendor-advisory, x_refsource_REDHAT | |
| http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5517 | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2000/20001118 | vendor-advisory, x_refsource_DEBIAN | |
| http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1949 | vdb-entry, x_refsource_BID | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.osvdb.org/6248 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/2114 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2000:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3"
},
{
"name": "SuSE-SA:2000:47",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html"
},
{
"name": "RHSA-2000:111",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-111.html"
},
{
"name": "20001123 OpenSSH Security Advisory (adv.fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html"
},
{
"name": "openssh-unauthorized-access(5517)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5517"
},
{
"name": "20001118 openssh: possible remote exploit",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001118"
},
{
"name": "20001115 Trustix Security Advisory - bind and openssh (and modutils)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html"
},
{
"name": "1949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1949"
},
{
"name": "CLSA-2000:345",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000345"
},
{
"name": "6248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6248"
},
{
"name": "2114",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2000:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3"
},
{
"name": "SuSE-SA:2000:47",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html"
},
{
"name": "RHSA-2000:111",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-111.html"
},
{
"name": "20001123 OpenSSH Security Advisory (adv.fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html"
},
{
"name": "openssh-unauthorized-access(5517)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5517"
},
{
"name": "20001118 openssh: possible remote exploit",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001118"
},
{
"name": "20001115 Trustix Security Advisory - bind and openssh (and modutils)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html"
},
{
"name": "1949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1949"
},
{
"name": "CLSA-2000:345",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000345"
},
{
"name": "6248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6248"
},
{
"name": "2114",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2000:068",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3"
},
{
"name": "SuSE-SA:2000:47",
"refsource": "SUSE",
"url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html"
},
{
"name": "RHSA-2000:111",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-111.html"
},
{
"name": "20001123 OpenSSH Security Advisory (adv.fwd)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html"
},
{
"name": "openssh-unauthorized-access(5517)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5517"
},
{
"name": "20001118 openssh: possible remote exploit",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001118"
},
{
"name": "20001115 Trustix Security Advisory - bind and openssh (and modutils)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html"
},
{
"name": "1949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1949"
},
{
"name": "CLSA-2000:345",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000345"
},
{
"name": "6248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6248"
},
{
"name": "2114",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1169",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-12-14T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1657
Vulnerability from cvelistv5
Published
2008-04-02 18:00
Modified
2024-08-07 08:32
Severity ?
EPSS score ?
Summary
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28531",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28531"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "USN-649-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"name": "32110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2419"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "29609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29609"
},
{
"name": "31531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31531"
},
{
"name": "[4.3] 001: SECURITY FIX: March 30, 2008",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata43.html#001_openssh"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-4.9"
},
{
"name": "1019733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019733"
},
{
"name": "ADV-2008-1624",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "29735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29735"
},
{
"name": "29683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29683"
},
{
"name": "30361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30361"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "SUSE-SR:2008:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "32080",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32080"
},
{
"name": "ADV-2008-2396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "29939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29939"
},
{
"name": "ADV-2008-1035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1035/references"
},
{
"name": "29602",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29602"
},
{
"name": "20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded"
},
{
"name": "NetBSD-SA2008-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139"
},
{
"name": "29693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29693"
},
{
"name": "MDVSA-2008:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098"
},
{
"name": "GLSA-200804-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "openssh-forcecommand-command-execution(41549)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28531",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28531"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "USN-649-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"name": "32110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2419"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "29609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29609"
},
{
"name": "31531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31531"
},
{
"name": "[4.3] 001: SECURITY FIX: March 30, 2008",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata43.html#001_openssh"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.com/txt/release-4.9"
},
{
"name": "1019733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019733"
},
{
"name": "ADV-2008-1624",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "29735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29735"
},
{
"name": "29683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29683"
},
{
"name": "30361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30361"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "SUSE-SR:2008:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "32080",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32080"
},
{
"name": "ADV-2008-2396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "29939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29939"
},
{
"name": "ADV-2008-1035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1035/references"
},
{
"name": "29602",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29602"
},
{
"name": "20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded"
},
{
"name": "NetBSD-SA2008-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139"
},
{
"name": "29693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29693"
},
{
"name": "MDVSA-2008:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098"
},
{
"name": "GLSA-200804-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "openssh-forcecommand-command-execution(41549)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28531"
},
{
"name": "http://support.attachmate.com/techdocs/2374.html",
"refsource": "CONFIRM",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "USN-649-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"name": "32110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32110"
},
{
"name": "https://issues.rpath.com/browse/RPL-2419",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2419"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "29609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29609"
},
{
"name": "31531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31531"
},
{
"name": "[4.3] 001: SECURITY FIX: March 30, 2008",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata43.html#001_openssh"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "http://www.openssh.com/txt/release-4.9",
"refsource": "CONFIRM",
"url": "http://www.openssh.com/txt/release-4.9"
},
{
"name": "1019733",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019733"
},
{
"name": "ADV-2008-1624",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "29735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29735"
},
{
"name": "29683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29683"
},
{
"name": "30361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30361"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "SUSE-SR:2008:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "32080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32080"
},
{
"name": "ADV-2008-2396",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "29939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29939"
},
{
"name": "ADV-2008-1035",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1035/references"
},
{
"name": "29602",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29602"
},
{
"name": "20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded"
},
{
"name": "NetBSD-SA2008-005",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139"
},
{
"name": "29693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29693"
},
{
"name": "MDVSA-2008:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098"
},
{
"name": "GLSA-200804-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "openssh-forcecommand-command-execution(41549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1657",
"datePublished": "2008-04-02T18:00:00",
"dateReserved": "2008-04-02T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6111
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4387",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
},
{
"name": "106741",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106741"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
},
{
"name": "USN-3885-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"name": "USN-3885-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3885-2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"
},
{
"tags": [
"x_transferred"
],
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "46193",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46193/"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"name": "[oss-security] 20190417 Announce: OpenSSH 8.0 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"
},
{
"name": "FEDORA-2019-0f4190cdb0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
},
{
"name": "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1602",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
},
{
"name": "FreeBSD-EN-19:10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"
},
{
"name": "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3702",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"name": "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4387",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
},
{
"name": "106741",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/106741"
},
{
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
},
{
"name": "USN-3885-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"name": "USN-3885-2",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3885-2/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"
},
{
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "46193",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46193/"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"name": "[oss-security] 20190417 Announce: OpenSSH 8.0 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"
},
{
"name": "FEDORA-2019-0f4190cdb0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
},
{
"name": "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1602",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
},
{
"name": "FreeBSD-EN-19:10",
"tags": [
"vendor-advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"
},
{
"name": "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3702",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"name": "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6111",
"datePublished": "2019-01-31T00:00:00",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:16:23.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1907
Vulnerability from cvelistv5
Published
2016-01-19 00:00
Modified
2024-08-05 23:10
Severity ?
EPSS score ?
Summary
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:39.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "81293",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81293"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "FEDORA-2016-c330264861",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"tags": [
"x_transferred"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "81293",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/81293"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "FEDORA-2016-c330264861",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
},
{
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1907",
"datePublished": "2016-01-19T00:00:00",
"dateReserved": "2016-01-15T00:00:00",
"dateUpdated": "2024-08-05T23:10:39.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3234
Vulnerability from cvelistv5
Published
2008-07-18 16:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44037 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/6094 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/30276 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openssh-sshd-selinuxrole-unauth-access(44037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44037"
},
{
"name": "6094",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6094"
},
{
"name": "30276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openssh-sshd-selinuxrole-unauth-access(44037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44037"
},
{
"name": "6094",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6094"
},
{
"name": "30276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openssh-sshd-selinuxrole-unauth-access(44037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44037"
},
{
"name": "6094",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6094"
},
{
"name": "30276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3234",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0143
Vulnerability from cvelistv5
Published
2000-02-16 05:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0143 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:54.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T08:22:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0143"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0143",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0143"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0143",
"datePublished": "2000-02-16T05:00:00",
"dateReserved": "2000-02-16T00:00:00",
"dateUpdated": "2024-08-08T05:05:54.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10011
Vulnerability from cvelistv5
Published
2017-01-05 00:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "94977",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94977"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"url": "https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "94977",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/94977"
},
{
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10011",
"datePublished": "2017-01-05T00:00:00",
"dateReserved": "2016-12-19T00:00:00",
"dateUpdated": "2024-08-06T03:07:32.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5600
Vulnerability from cvelistv5
Published
2015-08-03 00:00
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:03.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "USN-2710-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2710-2"
},
{
"name": "FEDORA-2015-13469",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "GLSA-201512-04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10136"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20151106-0001/"
},
{
"name": "RHSA-2016:0466",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42\u0026r2=1.43\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10157"
},
{
"name": "75990",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75990"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"name": "92012",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92012"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "[oss-security] 20150723 Re: CVE Request for OpenSSH vulnerability - authentication limits bypass",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/07/23/4"
},
{
"name": "USN-2710-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2710-1"
},
{
"name": "FEDORA-2015-11981",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html"
},
{
"name": "1032988",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032988"
},
{
"name": "20150717 OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jul/92"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "USN-2710-2",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2710-2"
},
{
"name": "FEDORA-2015-13469",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "GLSA-201512-04",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10136"
},
{
"url": "https://security.netapp.com/advisory/ntap-20151106-0001/"
},
{
"name": "RHSA-2016:0466",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
},
{
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42\u0026r2=1.43\u0026f=h"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10157"
},
{
"name": "75990",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/75990"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"name": "92012",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/92012"
},
{
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "[oss-security] 20150723 Re: CVE Request for OpenSSH vulnerability - authentication limits bypass",
"tags": [
"mailing-list"
],
"url": "http://openwall.com/lists/oss-security/2015/07/23/4"
},
{
"name": "USN-2710-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2710-1"
},
{
"name": "FEDORA-2015-11981",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html"
},
{
"name": "1032988",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032988"
},
{
"name": "20150717 OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Jul/92"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5600",
"datePublished": "2015-08-03T00:00:00",
"dateReserved": "2015-07-20T00:00:00",
"dateUpdated": "2024-08-06T06:50:03.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25136
Vulnerability from cvelistv5
Published
2023-02-03 00:00
Modified
2024-08-02 11:18
Severity ?
EPSS score ?
Summary
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/02/02/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=3522"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946"
},
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=34711565"
},
{
"name": "[oss-security] 20230213 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/13/1"
},
{
"name": "[oss-security] 20230222 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/1"
},
{
"name": "[oss-security] 20230222 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/2"
},
{
"name": "[oss-security] 20230223 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/23/3"
},
{
"name": "[oss-security] 20230306 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/06/1"
},
{
"name": "[oss-security] 20230309 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/09/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230309-0003/"
},
{
"name": "FEDORA-2023-1176c8b10c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/"
},
{
"name": "FEDORA-2023-123647648e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/"
},
{
"name": "GLSA-202307-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202307-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states \"remote code execution is theoretically possible.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/02/02/2"
},
{
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=3522"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946"
},
{
"url": "https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/"
},
{
"url": "https://news.ycombinator.com/item?id=34711565"
},
{
"name": "[oss-security] 20230213 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/13/1"
},
{
"name": "[oss-security] 20230222 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/1"
},
{
"name": "[oss-security] 20230222 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/2"
},
{
"name": "[oss-security] 20230223 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/23/3"
},
{
"name": "[oss-security] 20230306 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/06/1"
},
{
"name": "[oss-security] 20230309 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/09/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230309-0003/"
},
{
"name": "FEDORA-2023-1176c8b10c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/"
},
{
"name": "FEDORA-2023-123647648e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/"
},
{
"name": "GLSA-202307-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202307-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-25136",
"datePublished": "2023-02-03T00:00:00",
"dateReserved": "2023-02-03T00:00:00",
"dateUpdated": "2024-08-02T11:18:35.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0777
Vulnerability from cvelistv5
Published
2016-01-14 00:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"name": "80695",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80695"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "FreeBSD-SA-16:07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
},
{
"name": "FEDORA-2016-c330264861",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "FEDORA-2016-67c6ef0d4f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"name": "80695",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/80695"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "FreeBSD-SA-16:07",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
},
{
"name": "FEDORA-2016-c330264861",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "FEDORA-2016-67c6ef0d4f",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0777",
"datePublished": "2016-01-14T00:00:00",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-08-05T22:30:04.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41617
Vulnerability from cvelistv5
Published
2021-09-26 00:00
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/09/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-8.8"
},
{
"name": "FEDORA-2021-1f7339271d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/"
},
{
"name": "FEDORA-2021-f8df0f8563",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/"
},
{
"name": "FEDORA-2021-fa0e94198f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190975"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.starwindsoftware.com/security/sw-20220805-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/plugins/nessus/154174"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-26T04:06:21.619780",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/security.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/09/26/1"
},
{
"url": "https://www.openssh.com/txt/release-8.8"
},
{
"name": "FEDORA-2021-1f7339271d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/"
},
{
"name": "FEDORA-2021-f8df0f8563",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/"
},
{
"name": "FEDORA-2021-fa0e94198f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190975"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211014-0004/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://www.starwindsoftware.com/security/sw-20220805-0001/"
},
{
"url": "https://www.tenable.com/plugins/nessus/154174"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41617",
"datePublished": "2021-09-26T00:00:00",
"dateReserved": "2021-09-26T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6110
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
},
{
"tags": [
"x_transferred"
],
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "46193",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46193/"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
},
{
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
},
{
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
},
{
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "46193",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46193/"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6110",
"datePublished": "2019-01-31T00:00:00",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-51767
Vulnerability from cvelistv5
Published
2023-12-24 00:00
Modified
2024-08-02 22:48
Severity ?
EPSS score ?
Summary
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:11.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://arxiv.org/abs/2309.02545"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255850"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-51767"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-51767"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240125-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T14:06:38.770250",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://arxiv.org/abs/2309.02545"
},
{
"url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878"
},
{
"url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255850"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-51767"
},
{
"url": "https://ubuntu.com/security/CVE-2023-51767"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240125-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51767",
"datePublished": "2023-12-24T00:00:00",
"dateReserved": "2023-12-24T00:00:00",
"dateUpdated": "2024-08-02T22:48:11.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1382
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/Owl/CHANGES-stable.shtml | x_refsource_CONFIRM | |
| http://www.osvdb.org/5408 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/Owl/CHANGES-stable.shtml"
},
{
"name": "5408",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"echo simulation\" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/Owl/CHANGES-stable.shtml"
},
{
"name": "5408",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"echo simulation\" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/Owl/CHANGES-stable.shtml",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/Owl/CHANGES-stable.shtml"
},
{
"name": "5408",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1382",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-25T00:00:00",
"dateUpdated": "2024-08-08T04:51:08.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2069
Vulnerability from cvelistv5
Published
2005-05-05 04:00
Modified
2024-08-08 01:15
Severity ?
EPSS score ?
Summary
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "ADV-2006-4502",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4502"
},
{
"name": "[openssh-unix-dev] 20040127 OpenSSH - Connection problem when LoginGraceTime exceeds time",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=107520317020444\u0026w=2"
},
{
"name": "16567",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16567"
},
{
"name": "22875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22875"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "openssh-sshdc-logingracetime-dos(20930)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/download/esx/esx-202-200610-patch.html"
},
{
"name": "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451426/100/200/threaded"
},
{
"name": "FLSA-2006:168935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html"
},
{
"name": "[openssh-unix-dev] 20040128 Re: OpenSSH - Connection problem when LoginGraceTime exceeds time",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=107529205602320\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf"
},
{
"name": "17000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17000"
},
{
"name": "14963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14963"
},
{
"name": "17252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17252"
},
{
"name": "17135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17135"
},
{
"name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11541",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11541"
},
{
"name": "RHSA-2005:550",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2005-550.html"
},
{
"name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "ADV-2006-4502",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4502"
},
{
"name": "[openssh-unix-dev] 20040127 OpenSSH - Connection problem when LoginGraceTime exceeds time",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=107520317020444\u0026w=2"
},
{
"name": "16567",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16567"
},
{
"name": "22875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22875"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "openssh-sshdc-logingracetime-dos(20930)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/download/esx/esx-202-200610-patch.html"
},
{
"name": "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451426/100/200/threaded"
},
{
"name": "FLSA-2006:168935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html"
},
{
"name": "[openssh-unix-dev] 20040128 Re: OpenSSH - Connection problem when LoginGraceTime exceeds time",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=107529205602320\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf"
},
{
"name": "17000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17000"
},
{
"name": "14963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14963"
},
{
"name": "17252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17252"
},
{
"name": "17135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17135"
},
{
"name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:11541",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11541"
},
{
"name": "RHSA-2005:550",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2005-550.html"
},
{
"name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2004-2069",
"datePublished": "2005-05-05T04:00:00",
"dateReserved": "2005-05-05T00:00:00",
"dateUpdated": "2024-08-08T01:15:01.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1585
Vulnerability from cvelistv5
Published
2007-10-06 21:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2001-02/0159.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.openbsd.org/advisories/ssh_bypass.txt | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6084 | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/bid/2356 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010208 Authentication By-Pass Vulnerability in OpenSSH-2.3.1 (devel snapshot)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0159.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/advisories/ssh_bypass.txt"
},
{
"name": "openssh-bypass-authentication(6084)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6084"
},
{
"name": "2356",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://online.securityfocus.com/bid/2356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user\u0027s authorized_keys file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010208 Authentication By-Pass Vulnerability in OpenSSH-2.3.1 (devel snapshot)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0159.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/advisories/ssh_bypass.txt"
},
{
"name": "openssh-bypass-authentication(6084)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6084"
},
{
"name": "2356",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://online.securityfocus.com/bid/2356"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user\u0027s authorized_keys file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010208 Authentication By-Pass Vulnerability in OpenSSH-2.3.1 (devel snapshot)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0159.html"
},
{
"name": "http://www.openbsd.org/advisories/ssh_bypass.txt",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/advisories/ssh_bypass.txt"
},
{
"name": "openssh-bypass-authentication(6084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6084"
},
{
"name": "2356",
"refsource": "BID",
"url": "http://online.securityfocus.com/bid/2356"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1585",
"datePublished": "2007-10-06T21:00:00",
"dateReserved": "2007-10-06T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2768
Vulnerability from cvelistv5
Published
2007-05-21 20:00
Modified
2024-08-07 13:49
Severity ?
EPSS score ?
Summary
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/34601 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html | mailing-list, x_refsource_FULLDISC | |
| https://security.netapp.com/advisory/ntap-20191107-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/34601"
},
{
"name": "20070424 Re: OpenSSH - System Account Enumeration if S/Key is used",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191107-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T09:06:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/34601"
},
{
"name": "20070424 Re: OpenSSH - System Account Enumeration if S/Key is used",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191107-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34601",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34601"
},
{
"name": "20070424 Re: OpenSSH - System Account Enumeration if S/Key is used",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191107-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191107-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2768",
"datePublished": "2007-05-21T20:00:00",
"dateReserved": "2007-05-21T00:00:00",
"dateUpdated": "2024-08-07T13:49:57.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-51385
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"tags": [
"x_transferred"
],
"url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "[oss-security] 20231226 CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/26/4"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T21:08:08.727930",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "[oss-security] 20231226 CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/26/4"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51385",
"datePublished": "2023-12-18T00:00:00",
"dateReserved": "2023-12-18T00:00:00",
"dateUpdated": "2024-08-02T22:32:09.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4478
Vulnerability from cvelistv5
Published
2010-12-06 22:00
Modified
2024-08-07 03:43
Severity ?
EPSS score ?
Summary
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5 | x_refsource_CONFIRM | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h | x_refsource_CONFIRM | |
| https://github.com/seb-m/jpake | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=659297 | x_refsource_CONFIRM | |
| http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "oval:org.mitre.oval:def:12338",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/seb-m/jpake"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "oval:org.mitre.oval:def:12338",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/seb-m/jpake"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "oval:org.mitre.oval:def:12338",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h"
},
{
"name": "https://github.com/seb-m/jpake",
"refsource": "MISC",
"url": "https://github.com/seb-m/jpake"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=659297",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297"
},
{
"name": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf",
"refsource": "MISC",
"url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4478",
"datePublished": "2010-12-06T22:00:00",
"dateReserved": "2010-12-06T00:00:00",
"dateUpdated": "2024-08-07T03:43:14.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0217
Vulnerability from cvelistv5
Published
2000-04-10 04:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/1006 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:54.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client\u0027s X sessions via a malicious xauth program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client\u0027s X sessions via a malicious xauth program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0217",
"datePublished": "2000-04-10T04:00:00",
"dateReserved": "2000-03-22T00:00:00",
"dateUpdated": "2024-08-08T05:05:54.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1507
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openbsd.org/errata30.html#sshd | x_refsource_CONFIRM | |
| http://msgs.securepoint.com/cgi-bin/get/bugtraq0111/114.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3560 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/7598.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/errata30.html#sshd"
},
{
"name": "20011119 OpenSSH 3.0.1 (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0111/114.html"
},
{
"name": "3560",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3560"
},
{
"name": "openssh-kerberos-elevate-privileges(7598)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7598.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-04T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/errata30.html#sshd"
},
{
"name": "20011119 OpenSSH 3.0.1 (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0111/114.html"
},
{
"name": "3560",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3560"
},
{
"name": "openssh-kerberos-elevate-privileges(7598)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7598.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openbsd.org/errata30.html#sshd",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/errata30.html#sshd"
},
{
"name": "20011119 OpenSSH 3.0.1 (fwd)",
"refsource": "BUGTRAQ",
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0111/114.html"
},
{
"name": "3560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3560"
},
{
"name": "openssh-kerberos-elevate-privileges(7598)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7598.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1507",
"datePublished": "2005-07-14T04:00:00",
"dateReserved": "2005-07-14T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20685
Vulnerability from cvelistv5
Published
2019-01-10 00:00
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4387",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"name": "USN-3885-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
},
{
"name": "106531",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106531"
},
{
"tags": [
"x_transferred"
],
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3702",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"name": "GLSA-202007-53",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-53"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4387",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"name": "USN-3885-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
},
{
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
},
{
"name": "106531",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/106531"
},
{
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3702",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"name": "GLSA-202007-53",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202007-53"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20685",
"datePublished": "2019-01-10T00:00:00",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0083
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020311 TSLSA-2002-0039 - openssh",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
},
{
"name": "CSSA-2002-SCO.10",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
},
{
"name": "730",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/730"
},
{
"name": "4241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4241"
},
{
"name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
},
{
"name": "CSSA-2002-SCO.11",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
},
{
"name": "HPSBTL0203-029",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/3960"
},
{
"name": "DSA-119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-119"
},
{
"name": "SuSE-SA:2002:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
},
{
"name": "CSSA-2002-012.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
},
{
"name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
},
{
"name": "ESA-20020307-007",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
},
{
"name": "CLA-2002:467",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
},
{
"name": "NetBSD-SA2002-004",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
},
{
"name": "FreeBSD-SA-02:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
},
{
"name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
},
{
"name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
},
{
"name": "MDKSA-2002:019",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
},
{
"name": "RHSA-2002:043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
},
{
"name": "openssh-channel-error(8383)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8383.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
},
{
"name": "20020328 OpenSSH channel_lookup() off by one exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/264657"
},
{
"name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020311 TSLSA-2002-0039 - openssh",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
},
{
"name": "CSSA-2002-SCO.10",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
},
{
"name": "730",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/730"
},
{
"name": "4241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4241"
},
{
"name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
},
{
"name": "CSSA-2002-SCO.11",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
},
{
"name": "HPSBTL0203-029",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/3960"
},
{
"name": "DSA-119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-119"
},
{
"name": "SuSE-SA:2002:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
},
{
"name": "CSSA-2002-012.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
},
{
"name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
},
{
"name": "ESA-20020307-007",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
},
{
"name": "CLA-2002:467",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
},
{
"name": "NetBSD-SA2002-004",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
},
{
"name": "FreeBSD-SA-02:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
},
{
"name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
},
{
"name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
},
{
"name": "MDKSA-2002:019",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
},
{
"name": "RHSA-2002:043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
},
{
"name": "openssh-channel-error(8383)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8383.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
},
{
"name": "20020328 OpenSSH channel_lookup() off by one exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/264657"
},
{
"name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020311 TSLSA-2002-0039 - openssh",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
},
{
"name": "CSSA-2002-SCO.10",
"refsource": "CALDERA",
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
},
{
"name": "730",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/730"
},
{
"name": "4241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4241"
},
{
"name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
},
{
"name": "CSSA-2002-SCO.11",
"refsource": "CALDERA",
"url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
},
{
"name": "HPSBTL0203-029",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/3960"
},
{
"name": "DSA-119",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-119"
},
{
"name": "SuSE-SA:2002:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
},
{
"name": "CSSA-2002-012.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
},
{
"name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
},
{
"name": "ESA-20020307-007",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
},
{
"name": "CLA-2002:467",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
},
{
"name": "NetBSD-SA2002-004",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
},
{
"name": "FreeBSD-SA-02:13",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
},
{
"name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
},
{
"name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
},
{
"name": "MDKSA-2002:019",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
},
{
"name": "RHSA-2002:043",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
},
{
"name": "openssh-channel-error(8383)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8383.php"
},
{
"name": "http://www.openbsd.org/advisories/ssh_channelalloc.txt",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
},
{
"name": "20020328 OpenSSH channel_lookup() off by one exploit",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/264657"
},
{
"name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0083",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-06T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1562
Vulnerability from cvelistv5
Published
2008-08-04 10:00
Modified
2024-09-16 19:56
Severity ?
EPSS score ?
Summary
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030501 Re: OpenSSH/PAM timing attack allows remote users identification",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/320153"
},
{
"name": "20030501 Re: OpenSSH/PAM timing attack allows remote users identification",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/320302"
},
{
"name": "7482",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7482"
},
{
"name": "20030505 Re: OpenSSH/PAM timing attack allows remote users identification",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/320440"
},
{
"tags": [
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030501 Re: OpenSSH/PAM timing attack allows remote users identification",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/320153"
},
{
"name": "20030501 Re: OpenSSH/PAM timing attack allows remote users identification",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/320302"
},
{
"name": "7482",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/7482"
},
{
"name": "20030505 Re: OpenSSH/PAM timing attack allows remote users identification",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/320440"
},
{
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1562",
"datePublished": "2008-08-04T10:00:00Z",
"dateReserved": "2008-08-03T00:00:00Z",
"dateUpdated": "2024-09-16T19:56:09.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0386
Vulnerability from cvelistv5
Published
2003-06-10 04:00
Modified
2024-08-08 01:50
Severity ?
EPSS score ?
Summary
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "RHSA-2006:0298",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "VU#978316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/978316"
},
{
"name": "oval:org.mitre.oval:def:9894",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00038.html"
},
{
"name": "7831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7831"
},
{
"name": "21262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21262"
},
{
"name": "21129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21129"
},
{
"name": "20030605 OpenSSH remote clent address restriction circumvention",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0"
},
{
"name": "21724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21724"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "22196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22196"
},
{
"name": "RHSA-2006:0698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"name": "20060703-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass \"from=\" and \"user@host\" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "RHSA-2006:0298",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "VU#978316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/978316"
},
{
"name": "oval:org.mitre.oval:def:9894",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.apple.com/mhonarc/security-announce/msg00038.html"
},
{
"name": "7831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7831"
},
{
"name": "21262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21262"
},
{
"name": "21129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21129"
},
{
"name": "20030605 OpenSSH remote clent address restriction circumvention",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0"
},
{
"name": "21724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21724"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "22196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22196"
},
{
"name": "RHSA-2006:0698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"name": "20060703-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass \"from=\" and \"user@host\" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "RHSA-2006:0298",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
},
{
"name": "23680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23680"
},
{
"name": "VU#978316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/978316"
},
{
"name": "oval:org.mitre.oval:def:9894",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9894"
},
{
"name": "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"refsource": "CONFIRM",
"url": "http://lists.apple.com/mhonarc/security-announce/msg00038.html"
},
{
"name": "7831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7831"
},
{
"name": "21262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21262"
},
{
"name": "21129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21129"
},
{
"name": "20030605 OpenSSH remote clent address restriction circumvention",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0"
},
{
"name": "21724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21724"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
},
{
"name": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "22196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22196"
},
{
"name": "RHSA-2006:0698",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"name": "20060703-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0386",
"datePublished": "2003-06-10T04:00:00",
"dateReserved": "2003-06-09T00:00:00",
"dateUpdated": "2024-08-08T01:50:47.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2243
Vulnerability from cvelistv5
Published
2007-04-25 16:00
Modified
2024-08-07 13:33
Severity ?
EPSS score ?
Summary
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/23601 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/2631 | third-party-advisory, x_refsource_SREASON | |
| http://www.osvdb.org/34600 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33794 | vdb-entry, x_refsource_XF | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html | mailing-list, x_refsource_FULLDISC | |
| https://security.netapp.com/advisory/ntap-20191107-0003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:27.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070421 OpenSSH - System Account Enumeration if S/Key is used",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html"
},
{
"name": "23601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23601"
},
{
"name": "2631",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2631"
},
{
"name": "34600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/34600"
},
{
"name": "openssh-challenge-information-disclosure(33794)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33794"
},
{
"name": "20070424 OpenSSH - System Account Enumeration if S/Key is used",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191107-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T09:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070421 OpenSSH - System Account Enumeration if S/Key is used",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html"
},
{
"name": "23601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23601"
},
{
"name": "2631",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2631"
},
{
"name": "34600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/34600"
},
{
"name": "openssh-challenge-information-disclosure(33794)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33794"
},
{
"name": "20070424 OpenSSH - System Account Enumeration if S/Key is used",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191107-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070421 OpenSSH - System Account Enumeration if S/Key is used",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html"
},
{
"name": "23601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23601"
},
{
"name": "2631",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2631"
},
{
"name": "34600",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34600"
},
{
"name": "openssh-challenge-information-disclosure(33794)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33794"
},
{
"name": "20070424 OpenSSH - System Account Enumeration if S/Key is used",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191107-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191107-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2243",
"datePublished": "2007-04-25T16:00:00",
"dateReserved": "2007-04-25T00:00:00",
"dateUpdated": "2024-08-07T13:33:27.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0786
Vulnerability from cvelistv5
Published
2003-09-25 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openssh.com/txt/sshpam.adv | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/8677 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/338617 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/338616 | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html | mailing-list, x_refsource_FULLDISC | |
| http://www.kb.cert.org/vuls/id/602204 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.com/txt/sshpam.adv"
},
{
"name": "8677",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8677"
},
{
"name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"name": "20030923 Portable OpenSSH 3.7.1p2 released",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
},
{
"name": "VU#602204",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.com/txt/sshpam.adv"
},
{
"name": "8677",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8677"
},
{
"name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"name": "20030923 Portable OpenSSH 3.7.1p2 released",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
},
{
"name": "VU#602204",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602204"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openssh.com/txt/sshpam.adv",
"refsource": "CONFIRM",
"url": "http://www.openssh.com/txt/sshpam.adv"
},
{
"name": "8677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8677"
},
{
"name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"name": "20030923 Portable OpenSSH 3.7.1p2 released",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
},
{
"name": "VU#602204",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602204"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0786",
"datePublished": "2003-09-25T04:00:00",
"dateReserved": "2003-09-17T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4925
Vulnerability from cvelistv5
Published
2006-09-29 00:00
Modified
2024-08-07 19:32
Severity ?
EPSS score ?
Summary
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23038",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23038"
},
{
"name": "20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"name": "SUSE-SR:2006:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"name": "SUSE-SA:2006:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-681"
},
{
"name": "22298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144\u0026r2=1.145\u0026f=h"
},
{
"name": "22495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22495"
},
{
"name": "20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447153/100/0/threaded"
},
{
"name": "OpenPKG-SA-2006.022",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"name": "22245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=148228"
},
{
"name": "MDKSA-2006:179",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "23038",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23038"
},
{
"name": "20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"name": "SUSE-SR:2006:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"name": "SUSE-SA:2006:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-681"
},
{
"name": "22298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144\u0026r2=1.145\u0026f=h"
},
{
"name": "22495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22495"
},
{
"name": "20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447153/100/0/threaded"
},
{
"name": "OpenPKG-SA-2006.022",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"name": "22245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=148228"
},
{
"name": "MDKSA-2006:179",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-4925",
"datePublished": "2006-09-29T00:00:00",
"dateReserved": "2006-09-21T00:00:00",
"dateUpdated": "2024-08-07T19:32:22.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0144
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/2347 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6083 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/503 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=98168366406903&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/795 | vdb-entry, x_refsource_OSVDB | |
| http://razor.bindview.com/publish/advisories/adv_ssh1crc.html | vendor-advisory, x_refsource_BINDVIEW | |
| http://www.cert.org/advisories/CA-2001-35.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:55.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2347"
},
{
"name": "ssh-deattack-overwrite-memory(6083)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6083"
},
{
"name": "503",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/503"
},
{
"name": "20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98168366406903\u0026w=2"
},
{
"name": "795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/795"
},
{
"name": "20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector",
"tags": [
"vendor-advisory",
"x_refsource_BINDVIEW",
"x_transferred"
],
"url": "http://razor.bindview.com/publish/advisories/adv_ssh1crc.html"
},
{
"name": "CA-2001-35",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-35.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2347"
},
{
"name": "ssh-deattack-overwrite-memory(6083)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6083"
},
{
"name": "503",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/503"
},
{
"name": "20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98168366406903\u0026w=2"
},
{
"name": "795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/795"
},
{
"name": "20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector",
"tags": [
"vendor-advisory",
"x_refsource_BINDVIEW"
],
"url": "http://razor.bindview.com/publish/advisories/adv_ssh1crc.html"
},
{
"name": "CA-2001-35",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-35.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2347"
},
{
"name": "ssh-deattack-overwrite-memory(6083)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6083"
},
{
"name": "503",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/503"
},
{
"name": "20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=98168366406903\u0026w=2"
},
{
"name": "795",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/795"
},
{
"name": "20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector",
"refsource": "BINDVIEW",
"url": "http://razor.bindview.com/publish/advisories/adv_ssh1crc.html"
},
{
"name": "CA-2001-35",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-35.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0144",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-02-08T00:00:00",
"dateUpdated": "2024-08-08T04:06:55.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2797
Vulnerability from cvelistv5
Published
2005-09-06 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt | vendor-advisory, x_refsource_SCO | |
| http://secunia.com/advisories/19243 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=112605977304049&w=2 | vendor-advisory, x_refsource_OPENPKG | |
| http://www.osvdb.org/19142 | vdb-entry, x_refsource_OSVDB | |
| ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt | vendor-advisory, x_refsource_SCO | |
| http://secunia.com/advisories/18661 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/18010 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html | mailing-list, x_refsource_MLIST | |
| http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/14727 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1014845 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/16686 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SCOSA-2005.53",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt"
},
{
"name": "19243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19243"
},
{
"name": "OpenPKG-SA-2005.019",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112605977304049\u0026w=2"
},
{
"name": "19142",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19142"
},
{
"name": "SCOSA-2006.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"name": "18661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18661"
},
{
"name": "18010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18010"
},
{
"name": "[openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm"
},
{
"name": "14727",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14727"
},
{
"name": "1014845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014845"
},
{
"name": "16686",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding (\"-D\" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SCOSA-2005.53",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt"
},
{
"name": "19243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19243"
},
{
"name": "OpenPKG-SA-2005.019",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112605977304049\u0026w=2"
},
{
"name": "19142",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19142"
},
{
"name": "SCOSA-2006.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"name": "18661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18661"
},
{
"name": "18010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18010"
},
{
"name": "[openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm"
},
{
"name": "14727",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14727"
},
{
"name": "1014845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014845"
},
{
"name": "16686",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16686"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2797",
"datePublished": "2005-09-06T04:00:00",
"dateReserved": "2005-09-06T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0883
Vulnerability from cvelistv5
Published
2006-03-07 02:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/0805 | vdb-entry, x_refsource_VUPEN | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/23797 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1015706 | vdb-entry, x_refsource_SECTRACK | |
| http://securityreason.com/securityalert/520 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/16892 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25116 | vdb-entry, x_refsource_XF | |
| http://bugzilla.mindrot.org/show_bug.cgi?id=839 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0805",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0805"
},
{
"name": "FreeBSD-SA-06:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc"
},
{
"name": "23797",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23797"
},
{
"name": "1015706",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015706"
},
{
"name": "520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/520"
},
{
"name": "16892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16892"
},
{
"name": "openssh-openpam-dos(25116)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25116"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.mindrot.org/show_bug.cgi?id=839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "ADV-2006-0805",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0805"
},
{
"name": "FreeBSD-SA-06:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc"
},
{
"name": "23797",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23797"
},
{
"name": "1015706",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015706"
},
{
"name": "520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/520"
},
{
"name": "16892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16892"
},
{
"name": "openssh-openpam-dos(25116)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25116"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.mindrot.org/show_bug.cgi?id=839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0805",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0805"
},
{
"name": "FreeBSD-SA-06:09",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc"
},
{
"name": "23797",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23797"
},
{
"name": "1015706",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015706"
},
{
"name": "520",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/520"
},
{
"name": "16892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16892"
},
{
"name": "openssh-openpam-dos(25116)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25116"
},
{
"name": "http://bugzilla.mindrot.org/show_bug.cgi?id=839",
"refsource": "CONFIRM",
"url": "http://bugzilla.mindrot.org/show_bug.cgi?id=839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-0883",
"datePublished": "2006-03-07T02:00:00",
"dateReserved": "2006-02-24T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0525
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/4646 | vdb-entry, x_refsource_XF | |
| http://www.openbsd.org/errata.html#uselogin | vendor-advisory, x_refsource_OPENBSD | |
| http://www.osvdb.org/341 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1334 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:30.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openssh-uselogin-remote-exec(4646)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4646"
},
{
"name": "20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata.html#uselogin"
},
{
"name": "341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/341"
},
{
"name": "20000609 OpenSSH\u0027s UseLogin option allows remote access with root privilege.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html"
},
{
"name": "1334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openssh-uselogin-remote-exec(4646)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4646"
},
{
"name": "20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata.html#uselogin"
},
{
"name": "341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/341"
},
{
"name": "20000609 OpenSSH\u0027s UseLogin option allows remote access with root privilege.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html"
},
{
"name": "1334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openssh-uselogin-remote-exec(4646)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4646"
},
{
"name": "20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#uselogin"
},
{
"name": "341",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/341"
},
{
"name": "20000609 OpenSSH\u0027s UseLogin option allows remote access with root privilege.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html"
},
{
"name": "1334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0525",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:30.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0787
Vulnerability from cvelistv5
Published
2003-09-25 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openssh.com/txt/sshpam.adv | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/8677 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/209807 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/archive/1/338617 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/338616 | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.com/txt/sshpam.adv"
},
{
"name": "8677",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8677"
},
{
"name": "VU#209807",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/209807"
},
{
"name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"name": "20030923 Portable OpenSSH 3.7.1p2 released",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.com/txt/sshpam.adv"
},
{
"name": "8677",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8677"
},
{
"name": "VU#209807",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/209807"
},
{
"name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"name": "20030923 Portable OpenSSH 3.7.1p2 released",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openssh.com/txt/sshpam.adv",
"refsource": "CONFIRM",
"url": "http://www.openssh.com/txt/sshpam.adv"
},
{
"name": "8677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8677"
},
{
"name": "VU#209807",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/209807"
},
{
"name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"name": "20030923 Portable OpenSSH 3.7.1p2 released",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0787",
"datePublished": "2003-09-25T04:00:00",
"dateReserved": "2003-09-17T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1029
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/6073 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8697 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:06.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html"
},
{
"name": "6073",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6073"
},
{
"name": "bsd-libutil-privilege-dropping(8697)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8697"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html"
},
{
"name": "6073",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6073"
},
{
"name": "bsd-libutil-privilege-dropping(8697)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8697"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html"
},
{
"name": "6073",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6073"
},
{
"name": "bsd-libutil-privilege-dropping(8697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8697"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1029",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:44:06.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5229
Vulnerability from cvelistv5
Published
2006-10-10 23:00
Modified
2024-08-07 19:41
Severity ?
EPSS score ?
Summary
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/25979 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/448702/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/448025/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/448156/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2007/2545 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/20418 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/448108/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/32721 | vdb-entry, x_refsource_OSVDB | |
| http://www.sybsecurity.com/hack-proventia-1.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25979"
},
{
"name": "20061014 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448702/100/0/threaded"
},
{
"name": "20061009 yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448025/100/0/threaded"
},
{
"name": "20061010 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448156/100/0/threaded"
},
{
"name": "ADV-2007-2545",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2545"
},
{
"name": "20418",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20418"
},
{
"name": "20061009 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448108/100/0/threaded"
},
{
"name": "32721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sybsecurity.com/hack-proventia-1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25979"
},
{
"name": "20061014 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448702/100/0/threaded"
},
{
"name": "20061009 yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448025/100/0/threaded"
},
{
"name": "20061010 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448156/100/0/threaded"
},
{
"name": "ADV-2007-2545",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2545"
},
{
"name": "20418",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20418"
},
{
"name": "20061009 Re: yet another OpenSSH timing leak?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448108/100/0/threaded"
},
{
"name": "32721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sybsecurity.com/hack-proventia-1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25979"
},
{
"name": "20061014 Re: yet another OpenSSH timing leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448702/100/0/threaded"
},
{
"name": "20061009 yet another OpenSSH timing leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448025/100/0/threaded"
},
{
"name": "20061010 Re: yet another OpenSSH timing leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448156/100/0/threaded"
},
{
"name": "ADV-2007-2545",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2545"
},
{
"name": "20418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20418"
},
{
"name": "20061009 Re: yet another OpenSSH timing leak?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448108/100/0/threaded"
},
{
"name": "32721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32721"
},
{
"name": "http://www.sybsecurity.com/hack-proventia-1.pdf",
"refsource": "MISC",
"url": "http://www.sybsecurity.com/hack-proventia-1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5229",
"datePublished": "2006-10-10T23:00:00",
"dateReserved": "2006-10-10T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4548
Vulnerability from cvelistv5
Published
2013-11-08 15:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openssh.com/txt/gcmrekey.adv | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2013/11/08/3 | mailing-list, x_refsource_MLIST | |
| http://marc.info/?l=bugtraq&m=141576985122836&w=2 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=141576985122836&w=2 | vendor-advisory, x_refsource_HP | |
| http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://www.ubuntu.com/usn/USN-2014-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.com/txt/gcmrekey.adv"
},
{
"name": "[oss-security] 20131107 Re: CVE Request - OpenSSH",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/11/08/3"
},
{
"name": "HPSBUX03188",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "openSUSE-SU-2013:1726",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00017.html"
},
{
"name": "USN-2014-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2014-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T15:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.com/txt/gcmrekey.adv"
},
{
"name": "[oss-security] 20131107 Re: CVE Request - OpenSSH",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/11/08/3"
},
{
"name": "HPSBUX03188",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "openSUSE-SU-2013:1726",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00017.html"
},
{
"name": "USN-2014-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2014-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openssh.com/txt/gcmrekey.adv",
"refsource": "CONFIRM",
"url": "http://www.openssh.com/txt/gcmrekey.adv"
},
{
"name": "[oss-security] 20131107 Re: CVE Request - OpenSSH",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/11/08/3"
},
{
"name": "HPSBUX03188",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "openSUSE-SU-2013:1726",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00017.html"
},
{
"name": "USN-2014-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2014-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4548",
"datePublished": "2013-11-08T15:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:15.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12062
Vulnerability from cvelistv5
Published
2020-06-01 15:28
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2020/05/27/1 | x_refsource_MISC | |
| https://www.openssh.com/txt/release-8.3 | x_refsource_MISC | |
| https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1 | x_refsource_MISC | |
| https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/27/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-8.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client\u0027s download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that \"this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol\" and \"utimes does not fail under normal circumstances."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-01T20:02:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/27/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/txt/release-8.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client\u0027s download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that \"this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol\" and \"utimes does not fail under normal circumstances.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/27/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/27/1"
},
{
"name": "https://www.openssh.com/txt/release-8.3",
"refsource": "MISC",
"url": "https://www.openssh.com/txt/release-8.3"
},
{
"name": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1"
},
{
"name": "https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12062",
"datePublished": "2020-06-01T15:28:36",
"dateReserved": "2020-04-22T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3259
Vulnerability from cvelistv5
Published
2008-07-22 16:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2148 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/30339 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43940 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/31179 | third-party-advisory, x_refsource_SECUNIA | |
| http://openssh.com/security.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1020537 | vdb-entry, x_refsource_SECTRACK | |
| http://www.openssh.com/txt/release-5.1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2148",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2148"
},
{
"name": "30339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30339"
},
{
"name": "openssh-x11forwarding-info-disclosure(43940)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43940"
},
{
"name": "31179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31179"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openssh.com/security.html"
},
{
"name": "1020537",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020537"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-5.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2148",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2148"
},
{
"name": "30339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30339"
},
{
"name": "openssh-x11forwarding-info-disclosure(43940)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43940"
},
{
"name": "31179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openssh.com/security.html"
},
{
"name": "1020537",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020537"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.com/txt/release-5.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2148",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2148"
},
{
"name": "30339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30339"
},
{
"name": "openssh-x11forwarding-info-disclosure(43940)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43940"
},
{
"name": "31179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31179"
},
{
"name": "http://openssh.com/security.html",
"refsource": "CONFIRM",
"url": "http://openssh.com/security.html"
},
{
"name": "1020537",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020537"
},
{
"name": "http://www.openssh.com/txt/release-5.1",
"refsource": "CONFIRM",
"url": "http://www.openssh.com/txt/release-5.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3259",
"datePublished": "2008-07-22T16:00:00",
"dateReserved": "2008-07-22T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6563
Vulnerability from cvelistv5
Published
2015-08-24 00:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150821 Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/22/1"
},
{
"name": "FEDORA-2015-13469",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"
},
{
"name": "APPLE-SA-2015-10-21-4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT205375"
},
{
"name": "76317",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76317"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "GLSA-201512-04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.0"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2016:0741",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
},
{
"name": "20150813 BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Aug/54"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180201-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150821 Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/22/1"
},
{
"name": "FEDORA-2015-13469",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"
},
{
"name": "APPLE-SA-2015-10-21-4",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"url": "https://support.apple.com/HT205375"
},
{
"name": "76317",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/76317"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "GLSA-201512-04",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"url": "http://www.openssh.com/txt/release-7.0"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2016:0741",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
},
{
"name": "20150813 BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Aug/54"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180201-0002/"
},
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6563",
"datePublished": "2015-08-24T00:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6564
Vulnerability from cvelistv5
Published
2015-08-24 00:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150821 Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/22/1"
},
{
"name": "FEDORA-2015-13469",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"
},
{
"name": "76317",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76317"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "GLSA-201512-04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10136"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.0"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7"
},
{
"name": "RHSA-2016:0741",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
},
{
"name": "20150813 BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Aug/54"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150821 Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/22/1"
},
{
"name": "FEDORA-2015-13469",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"
},
{
"name": "76317",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/76317"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "GLSA-201512-04",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10136"
},
{
"url": "http://www.openssh.com/txt/release-7.0"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7"
},
{
"name": "RHSA-2016:0741",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
},
{
"name": "20150813 BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Aug/54"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6564",
"datePublished": "2015-08-24T00:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2798
Vulnerability from cvelistv5
Published
2005-09-06 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2005:527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-527.html"
},
{
"name": "hpux-secure-shell-dos(24064)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24064"
},
{
"name": "SCOSA-2005.53",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt"
},
{
"name": "18507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18507"
},
{
"name": "HPSBUX02090",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421411/100/0/threaded"
},
{
"name": "SUSE-SR:2006:003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
},
{
"name": "19141",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19141"
},
{
"name": "SSRT051058",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421411/100/0/threaded"
},
{
"name": "18406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18406"
},
{
"name": "14729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14729"
},
{
"name": "oval:org.mitre.oval:def:9717",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9717"
},
{
"name": "18717",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18717"
},
{
"name": "17077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17077"
},
{
"name": "ADV-2006-0144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0144"
},
{
"name": "oval:org.mitre.oval:def:1566",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1566"
},
{
"name": "oval:org.mitre.oval:def:1345",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm"
},
{
"name": "17245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17245"
},
{
"name": "18661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18661"
},
{
"name": "18010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18010"
},
{
"name": "[openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html"
},
{
"name": "MDKSA-2005:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm"
},
{
"name": "1014845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014845"
},
{
"name": "USN-209-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/209-1/"
},
{
"name": "16686",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2005:527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-527.html"
},
{
"name": "hpux-secure-shell-dos(24064)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24064"
},
{
"name": "SCOSA-2005.53",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt"
},
{
"name": "18507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18507"
},
{
"name": "HPSBUX02090",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/421411/100/0/threaded"
},
{
"name": "SUSE-SR:2006:003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
},
{
"name": "19141",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19141"
},
{
"name": "SSRT051058",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/421411/100/0/threaded"
},
{
"name": "18406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18406"
},
{
"name": "14729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14729"
},
{
"name": "oval:org.mitre.oval:def:9717",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9717"
},
{
"name": "18717",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18717"
},
{
"name": "17077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17077"
},
{
"name": "ADV-2006-0144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0144"
},
{
"name": "oval:org.mitre.oval:def:1566",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1566"
},
{
"name": "oval:org.mitre.oval:def:1345",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm"
},
{
"name": "17245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17245"
},
{
"name": "18661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18661"
},
{
"name": "18010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18010"
},
{
"name": "[openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html"
},
{
"name": "MDKSA-2005:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm"
},
{
"name": "1014845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014845"
},
{
"name": "USN-209-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/209-1/"
},
{
"name": "16686",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16686"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2798",
"datePublished": "2005-09-06T04:00:00",
"dateReserved": "2005-09-06T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-20012
Vulnerability from cvelistv5
Published
2021-09-15 19:32
Modified
2024-08-06 03:47
Severity ?
EPSS score ?
Summary
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openssh/openssh-portable/pull/270 | x_refsource_MISC | |
| https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265 | x_refsource_MISC | |
| https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak | x_refsource_MISC | |
| https://rushter.com/blog/public-ssh-keys/ | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20211014-0005/ | x_refsource_CONFIRM | |
| https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2018/08/24/1 | x_refsource_MISC | |
| https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:34.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/pull/270"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rushter.com/blog/public-ssh-keys/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0005/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/08/24/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:24:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/pull/270"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rushter.com/blog/public-ssh-keys/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0005/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2018/08/24/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-20012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openssh/openssh-portable/pull/270",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/pull/270"
},
{
"name": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265"
},
{
"name": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak",
"refsource": "MISC",
"url": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak"
},
{
"name": "https://rushter.com/blog/public-ssh-keys/",
"refsource": "MISC",
"url": "https://rushter.com/blog/public-ssh-keys/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211014-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211014-0005/"
},
{
"name": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097"
},
{
"name": "https://www.openwall.com/lists/oss-security/2018/08/24/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2018/08/24/1"
},
{
"name": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-20012",
"datePublished": "2021-09-15T19:32:11",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-06T03:47:34.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15473
Vulnerability from cvelistv5
Published
2018-08-17 00:00
Modified
2024-08-05 09:54
Severity ?
EPSS score ?
Summary
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201810-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-03"
},
{
"name": "1041487",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041487"
},
{
"name": "45233",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/906236"
},
{
"name": "45210",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45210/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181101-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0"
},
{
"name": "USN-3809-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3809-1/"
},
{
"name": "[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html"
},
{
"name": "105140",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105140"
},
{
"name": "DSA-4280",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4280"
},
{
"name": "45939",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45939/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/15/5"
},
{
"name": "RHSA-2019:0711",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0711"
},
{
"name": "RHSA-2019:2143",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2143"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201810-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201810-03"
},
{
"name": "1041487",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1041487"
},
{
"name": "45233",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45233/"
},
{
"url": "https://bugs.debian.org/906236"
},
{
"name": "45210",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45210/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20181101-0001/"
},
{
"url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0"
},
{
"name": "USN-3809-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3809-1/"
},
{
"name": "[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html"
},
{
"name": "105140",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/105140"
},
{
"name": "DSA-4280",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4280"
},
{
"name": "45939",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45939/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011"
},
{
"url": "http://www.openwall.com/lists/oss-security/2018/08/15/5"
},
{
"name": "RHSA-2019:0711",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0711"
},
{
"name": "RHSA-2019:2143",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2143"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15473",
"datePublished": "2018-08-17T00:00:00",
"dateReserved": "2018-08-17T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1380
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01 | vendor-advisory, x_refsource_IMMUNIX | |
| http://www.securityfocus.com/bid/3369 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2001-114.html | vendor-advisory, x_refsource_REDHAT | |
| http://marc.info/?l=bugtraq&m=100154541809940&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.kb.cert.org/vuls/id/905795 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.ciac.org/ciac/bulletins/m-010.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.osvdb.org/642 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7179 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IMNX-2001-70-034-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"name": "3369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3369"
},
{
"name": "RHSA-2001:114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2001-114.html"
},
{
"name": "20010926 OpenSSH Security Advisory (adv.option)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100154541809940\u0026w=2"
},
{
"name": "CLSA-2001:431",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
},
{
"name": "VU#905795",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/905795"
},
{
"name": "M-010",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/m-010.shtml"
},
{
"name": "MDKSA-2001:081",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php"
},
{
"name": "642",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/642"
},
{
"name": "openssh-access-control-bypass(7179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7179"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the \"from\" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "IMNX-2001-70-034-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"name": "3369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3369"
},
{
"name": "RHSA-2001:114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2001-114.html"
},
{
"name": "20010926 OpenSSH Security Advisory (adv.option)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100154541809940\u0026w=2"
},
{
"name": "CLSA-2001:431",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
},
{
"name": "VU#905795",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/905795"
},
{
"name": "M-010",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/m-010.shtml"
},
{
"name": "MDKSA-2001:081",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php"
},
{
"name": "642",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/642"
},
{
"name": "openssh-access-control-bypass(7179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7179"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the \"from\" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IMNX-2001-70-034-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"name": "3369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3369"
},
{
"name": "RHSA-2001:114",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2001-114.html"
},
{
"name": "20010926 OpenSSH Security Advisory (adv.option)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100154541809940\u0026w=2"
},
{
"name": "CLSA-2001:431",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
},
{
"name": "VU#905795",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/905795"
},
{
"name": "M-010",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-010.shtml"
},
{
"name": "MDKSA-2001:081",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php"
},
{
"name": "642",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/642"
},
{
"name": "openssh-access-control-bypass(7179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7179"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1380",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-25T00:00:00",
"dateUpdated": "2024-08-08T04:51:08.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28041
Vulnerability from cvelistv5
Published
2021-03-05 19:07
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openssh.com/security.html | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/03/03/1 | x_refsource_MISC | |
| https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db | x_refsource_MISC | |
| https://www.openssh.com/txt/release-8.5 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.gentoo.org/glsa/202105-35 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/ | vendor-advisory, x_refsource_FEDORA | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210416-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:56:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssh.com/security.html",
"refsource": "MISC",
"url": "https://www.openssh.com/security.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/03/03/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"name": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"name": "https://www.openssh.com/txt/release-8.5",
"refsource": "MISC",
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210416-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28041",
"datePublished": "2021-03-05T19:07:34",
"dateReserved": "2021-03-05T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0175
Vulnerability from cvelistv5
Published
2004-06-03 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2005:165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-165.html"
},
{
"name": "RHSA-2005:106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-106.html"
},
{
"name": "RHSA-2005:567",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-567.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.juniper.net/support/security/alerts/adv59739.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147"
},
{
"name": "RHSA-2005:495",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-495.html"
},
{
"name": "RHSA-2005:562",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-562.html"
},
{
"name": "MDVSA-2008:191",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:191"
},
{
"name": "SuSE-SA:2004:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2004_09_kernel.html"
},
{
"name": "MDKSA-2005:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:100"
},
{
"name": "19243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19243"
},
{
"name": "openssh-scp-file-overwrite(16323)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16323"
},
{
"name": "oval:org.mitre.oval:def:10184",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184"
},
{
"name": "17135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17135"
},
{
"name": "SCOSA-2006.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"name": "RHSA-2005:074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-074.html"
},
{
"name": "RHSA-2005:481",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-481.html"
},
{
"name": "9550",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9550"
},
{
"name": "CLSA-2004:831",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000831"
},
{
"name": "O-212",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-212.shtml"
},
{
"name": "9986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9986"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2005:165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-165.html"
},
{
"name": "RHSA-2005:106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-106.html"
},
{
"name": "RHSA-2005:567",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-567.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.juniper.net/support/security/alerts/adv59739.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147"
},
{
"name": "RHSA-2005:495",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-495.html"
},
{
"name": "RHSA-2005:562",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-562.html"
},
{
"name": "MDVSA-2008:191",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:191"
},
{
"name": "SuSE-SA:2004:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2004_09_kernel.html"
},
{
"name": "MDKSA-2005:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:100"
},
{
"name": "19243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19243"
},
{
"name": "openssh-scp-file-overwrite(16323)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16323"
},
{
"name": "oval:org.mitre.oval:def:10184",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184"
},
{
"name": "17135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17135"
},
{
"name": "SCOSA-2006.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"name": "RHSA-2005:074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-074.html"
},
{
"name": "RHSA-2005:481",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-481.html"
},
{
"name": "9550",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9550"
},
{
"name": "CLSA-2004:831",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000831"
},
{
"name": "O-212",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-212.shtml"
},
{
"name": "9986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9986"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:165",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-165.html"
},
{
"name": "RHSA-2005:106",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-106.html"
},
{
"name": "RHSA-2005:567",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-567.html"
},
{
"name": "http://www.juniper.net/support/security/alerts/adv59739.txt",
"refsource": "CONFIRM",
"url": "http://www.juniper.net/support/security/alerts/adv59739.txt"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147"
},
{
"name": "RHSA-2005:495",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-495.html"
},
{
"name": "RHSA-2005:562",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-562.html"
},
{
"name": "MDVSA-2008:191",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:191"
},
{
"name": "SuSE-SA:2004:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_09_kernel.html"
},
{
"name": "MDKSA-2005:100",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:100"
},
{
"name": "19243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19243"
},
{
"name": "openssh-scp-file-overwrite(16323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16323"
},
{
"name": "oval:org.mitre.oval:def:10184",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184"
},
{
"name": "17135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17135"
},
{
"name": "SCOSA-2006.11",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"name": "RHSA-2005:074",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-074.html"
},
{
"name": "RHSA-2005:481",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-481.html"
},
{
"name": "9550",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9550"
},
{
"name": "CLSA-2004:831",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000831"
},
{
"name": "O-212",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-212.shtml"
},
{
"name": "9986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9986"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0175",
"datePublished": "2004-06-03T04:00:00",
"dateReserved": "2004-02-25T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4755
Vulnerability from cvelistv5
Published
2011-03-02 19:00
Modified
2024-08-07 03:55
Severity ?
EPSS score ?
Summary
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
References
| ▼ | URL | Tags |
|---|---|---|
| http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1 | x_refsource_CONFIRM | |
| http://securityreason.com/achievement_securityalert/89 | third-party-advisory, x_refsource_SREASONRES | |
| http://securityreason.com/exploitalert/9223 | x_refsource_MISC | |
| http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 | x_refsource_CONFIRM | |
| http://cxib.net/stuff/glob-0day.c | x_refsource_MISC | |
| http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc | vendor-advisory, x_refsource_NETBSD | |
| http://securityreason.com/securityalert/8116 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:34.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1"
},
{
"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/89"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityreason.com/exploitalert/9223"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cxib.net/stuff/glob-0day.c"
},
{
"name": "NetBSD-SA2010-008",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc"
},
{
"name": "8116",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1"
},
{
"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/89"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityreason.com/exploitalert/9223"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cxib.net/stuff/glob-0day.c"
},
{
"name": "NetBSD-SA2010-008",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc"
},
{
"name": "8116",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8116"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1"
},
{
"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/89"
},
{
"name": "http://securityreason.com/exploitalert/9223",
"refsource": "MISC",
"url": "http://securityreason.com/exploitalert/9223"
},
{
"name": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1"
},
{
"name": "http://cxib.net/stuff/glob-0day.c",
"refsource": "MISC",
"url": "http://cxib.net/stuff/glob-0day.c"
},
{
"name": "NetBSD-SA2010-008",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc"
},
{
"name": "8116",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8116"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4755",
"datePublished": "2011-03-02T19:00:00",
"dateReserved": "2011-03-02T00:00:00",
"dateUpdated": "2024-08-07T03:55:34.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0225
Vulnerability from cvelistv5
Published
2006-01-25 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16369"
},
{
"name": "HPSBUX02178",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"name": "25936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25936"
},
{
"name": "18798",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18798"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
},
{
"name": "23340",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23340"
},
{
"name": "RHSA-2006:0298",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
},
{
"name": "18970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18970"
},
{
"name": "21492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21492"
},
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "2006-0004",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
},
{
"name": "19159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19159"
},
{
"name": "18650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18650"
},
{
"name": "18736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18736"
},
{
"name": "22692",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22692"
},
{
"name": "ADV-2007-2120",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2120"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "18579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18579"
},
{
"name": "18969",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18969"
},
{
"name": "20723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20723"
},
{
"name": "openssh-scp-command-execution(24305)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
},
{
"name": "MDKSA-2006:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
},
{
"name": "462",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/462"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
},
{
"name": "ADV-2006-4869",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4869"
},
{
"name": "OpenPKG-SA-2006.003",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
},
{
"name": "FLSA-2006:168935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
},
{
"name": "RHSA-2006:0044",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
},
{
"name": "21262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21262"
},
{
"name": "25607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25607"
},
{
"name": "SSRT061267",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
},
{
"name": "SUSE-SA:2006:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
},
{
"name": "ADV-2006-2490",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2490"
},
{
"name": "ADV-2006-0306",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0306"
},
{
"name": "SSA:2006-045-06",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
},
{
"name": "oval:org.mitre.oval:def:1138",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
},
{
"name": "21129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21129"
},
{
"name": "1015540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015540"
},
{
"name": "FEDORA-2006-056",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
},
{
"name": "21724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21724"
},
{
"name": "GLSA-200602-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
},
{
"name": "23241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23241"
},
{
"name": "20060212 [3.8] 005: SECURITY FIX: February 12, 2006",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
},
{
"name": "102961",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "18850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18850"
},
{
"name": "22196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
},
{
"name": "RHSA-2006:0698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"name": "18595",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18595"
},
{
"name": "18964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18964"
},
{
"name": "USN-255-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-255-1"
},
{
"name": "oval:org.mitre.oval:def:9962",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
},
{
"name": "20060703-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"name": "18910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18910"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "16369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16369"
},
{
"name": "HPSBUX02178",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"name": "25936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25936"
},
{
"name": "18798",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18798"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
},
{
"name": "23340",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23340"
},
{
"name": "RHSA-2006:0298",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
},
{
"name": "18970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18970"
},
{
"name": "21492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21492"
},
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "2006-0004",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
},
{
"name": "19159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19159"
},
{
"name": "18650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18650"
},
{
"name": "18736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18736"
},
{
"name": "22692",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22692"
},
{
"name": "ADV-2007-2120",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2120"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "18579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18579"
},
{
"name": "18969",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18969"
},
{
"name": "20723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20723"
},
{
"name": "openssh-scp-command-execution(24305)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
},
{
"name": "MDKSA-2006:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
},
{
"name": "462",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/462"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
},
{
"name": "ADV-2006-4869",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4869"
},
{
"name": "OpenPKG-SA-2006.003",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
},
{
"name": "FLSA-2006:168935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
},
{
"name": "RHSA-2006:0044",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
},
{
"name": "21262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21262"
},
{
"name": "25607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25607"
},
{
"name": "SSRT061267",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
},
{
"name": "SUSE-SA:2006:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
},
{
"name": "ADV-2006-2490",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2490"
},
{
"name": "ADV-2006-0306",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0306"
},
{
"name": "SSA:2006-045-06",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
},
{
"name": "oval:org.mitre.oval:def:1138",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
},
{
"name": "21129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21129"
},
{
"name": "1015540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015540"
},
{
"name": "FEDORA-2006-056",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
},
{
"name": "21724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21724"
},
{
"name": "GLSA-200602-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
},
{
"name": "23241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23241"
},
{
"name": "20060212 [3.8] 005: SECURITY FIX: February 12, 2006",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
},
{
"name": "102961",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "18850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18850"
},
{
"name": "22196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
},
{
"name": "RHSA-2006:0698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"name": "18595",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18595"
},
{
"name": "18964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18964"
},
{
"name": "USN-255-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-255-1"
},
{
"name": "oval:org.mitre.oval:def:9962",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
},
{
"name": "20060703-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"name": "18910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18910"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24479"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-0225",
"datePublished": "2006-01-25T11:00:00",
"dateReserved": "2006-01-17T00:00:00",
"dateUpdated": "2024-08-07T16:25:34.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2904
Vulnerability from cvelistv5
Published
2009-10-01 15:00
Modified
2024-08-07 06:07
Severity ?
EPSS score ?
Summary
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38794 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.vmware.com/pipermail/security-announce/2010/000082.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/36552 | vdb-entry, x_refsource_BID | |
| https://rhn.redhat.com/errata/RHSA-2009-1470.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/38834 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/58495 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/39182 | third-party-advisory, x_refsource_SECUNIA | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862 | vdb-entry, signature, x_refsource_OVAL | |
| https://bugzilla.redhat.com/show_bug.cgi?id=522141 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2010/0528 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "36552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36552"
},
{
"name": "RHSA-2009:1470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
},
{
"name": "FEDORA-2010-5429",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "58495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58495"
},
{
"name": "39182",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39182"
},
{
"name": "oval:org.mitre.oval:def:9862",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "36552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36552"
},
{
"name": "RHSA-2009:1470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
},
{
"name": "FEDORA-2010-5429",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "58495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58495"
},
{
"name": "39182",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39182"
},
{
"name": "oval:org.mitre.oval:def:9862",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2904",
"datePublished": "2009-10-01T15:00:00",
"dateReserved": "2009-08-20T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0640
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-134",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-134"
},
{
"name": "RHSA-2002:127",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-127.html"
},
{
"name": "20020626 OpenSSH Security Advisory (adv.iss)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102514371522793\u0026w=2"
},
{
"name": "SuSE-SA:2002:024",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2002_024_openssh_txt.html"
},
{
"name": "20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102532054613894\u0026w=2"
},
{
"name": "839",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.osvdb.org/839"
},
{
"name": "CA-2002-18",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-18.html"
},
{
"name": "20020627 How to reproduce OpenSSH Overflow.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102521542826833\u0026w=2"
},
{
"name": "RHSA-2002:131",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-131.html"
},
{
"name": "5093",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5093"
},
{
"name": "CSSA-2002-030.0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt"
},
{
"name": "ESA-20020702-016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2177.html"
},
{
"name": "VU#369347",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/369347"
},
{
"name": "CLA-2002:502",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000502"
},
{
"name": "HPSBUX0206-195",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195"
},
{
"name": "MDKSA-2002:040",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040"
},
{
"name": "20020626 Revised OpenSSH Security Advisory (adv.iss)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102514631524575\u0026w=2"
},
{
"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T10:06:00.412370",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-134",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2002/dsa-134"
},
{
"name": "RHSA-2002:127",
"tags": [
"vendor-advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-127.html"
},
{
"name": "20020626 OpenSSH Security Advisory (adv.iss)",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102514371522793\u0026w=2"
},
{
"name": "SuSE-SA:2002:024",
"tags": [
"vendor-advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2002_024_openssh_txt.html"
},
{
"name": "20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102532054613894\u0026w=2"
},
{
"name": "839",
"tags": [
"vdb-entry"
],
"url": "http://www.osvdb.org/839"
},
{
"name": "CA-2002-18",
"tags": [
"third-party-advisory"
],
"url": "http://www.cert.org/advisories/CA-2002-18.html"
},
{
"name": "20020627 How to reproduce OpenSSH Overflow.",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102521542826833\u0026w=2"
},
{
"name": "RHSA-2002:131",
"tags": [
"vendor-advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-131.html"
},
{
"name": "5093",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/5093"
},
{
"name": "CSSA-2002-030.0",
"tags": [
"vendor-advisory"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt"
},
{
"name": "ESA-20020702-016",
"tags": [
"vendor-advisory"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2177.html"
},
{
"name": "VU#369347",
"tags": [
"third-party-advisory"
],
"url": "http://www.kb.cert.org/vuls/id/369347"
},
{
"name": "CLA-2002:502",
"tags": [
"vendor-advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000502"
},
{
"name": "HPSBUX0206-195",
"tags": [
"vendor-advisory"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195"
},
{
"name": "MDKSA-2002:040",
"tags": [
"vendor-advisory"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040"
},
{
"name": "20020626 Revised OpenSSH Security Advisory (adv.iss)",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102514631524575\u0026w=2"
},
{
"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0640",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-06-28T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0190
Vulnerability from cvelistv5
Published
2003-05-02 00:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:222",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-222.html"
},
{
"name": "20030430 OpenSSH/PAM timing attack allows remote users identification",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105172058404810\u0026w=2"
},
{
"name": "7467",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7467"
},
{
"name": "20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106018677302607\u0026w=2"
},
{
"name": "RHSA-2003:224",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-224.html"
},
{
"name": "oval:org.mitre.oval:def:445",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445"
},
{
"tags": [
"x_transferred"
],
"url": "http://lab.mediaservice.net/advisory/2003-01-openssh.txt"
},
{
"name": "TLSA-2003-31",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-31.txt"
},
{
"name": "20030430 OpenSSH/PAM timing attack allows remote users identification",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:222",
"tags": [
"vendor-advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-222.html"
},
{
"name": "20030430 OpenSSH/PAM timing attack allows remote users identification",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105172058404810\u0026w=2"
},
{
"name": "7467",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/7467"
},
{
"name": "20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106018677302607\u0026w=2"
},
{
"name": "RHSA-2003:224",
"tags": [
"vendor-advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-224.html"
},
{
"name": "oval:org.mitre.oval:def:445",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445"
},
{
"url": "http://lab.mediaservice.net/advisory/2003-01-openssh.txt"
},
{
"name": "TLSA-2003-31",
"tags": [
"vendor-advisory"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-31.txt"
},
{
"name": "20030430 OpenSSH/PAM timing attack allows remote users identification",
"tags": [
"mailing-list"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0190",
"datePublished": "2003-05-02T00:00:00",
"dateReserved": "2003-04-01T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10009
Vulnerability from cvelistv5
Published
2017-01-05 00:00
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"
},
{
"name": "40963",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40963/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "94968",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94968"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"name": "FreeBSD-SA-17:01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"name": "USN-3538-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3538-1/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"name": "[oss-security] 20230719 CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/9"
},
{
"name": "20230719 CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/31"
},
{
"name": "[oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-20T11:06:10.382Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"
},
{
"name": "40963",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40963/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "94968",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/94968"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"name": "FreeBSD-SA-17:01",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"name": "USN-3538-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3538-1/"
},
{
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"name": "[oss-security] 20230719 CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/9"
},
{
"name": "20230719 CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/31"
},
{
"name": "[oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1"
},
{
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10009",
"datePublished": "2017-01-05T00:00:00.000Z",
"dateReserved": "2016-12-19T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:14.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4752
Vulnerability from cvelistv5
Published
2007-09-12 01:00
Modified
2024-08-07 15:08
Severity ?
EPSS score ?
Summary
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-4.7"
},
{
"name": "GLSA-200711-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-02.xml"
},
{
"name": "oval:org.mitre.oval:def:10809",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809"
},
{
"name": "DSA-1576",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "25628",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25628"
},
{
"name": "20070917 FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479760/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm"
},
{
"name": "FEDORA-2007-715",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html"
},
{
"name": "USN-566-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-566-1"
},
{
"name": "3126",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3126"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-2821",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2821"
},
{
"name": "30249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30249"
},
{
"name": "ADV-2007-3156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3156"
},
{
"name": "SSRT071485",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085"
},
{
"name": "31575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31575"
},
{
"name": "RHSA-2008:0855",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0855.html"
},
{
"name": "MDKSA-2007:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:236"
},
{
"name": "oval:org.mitre.oval:def:5599",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=280471"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20071115 Re: HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483748/100/200/threaded"
},
{
"name": "HPSBUX02287",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085"
},
{
"name": "27399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27399"
},
{
"name": "openssh-x11cookie-privilege-escalation(36637)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36637"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=191321"
},
{
"name": "SUSE-SR:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"name": "32241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.com/txt/release-4.7"
},
{
"name": "GLSA-200711-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-02.xml"
},
{
"name": "oval:org.mitre.oval:def:10809",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809"
},
{
"name": "DSA-1576",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "25628",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25628"
},
{
"name": "20070917 FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479760/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm"
},
{
"name": "FEDORA-2007-715",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html"
},
{
"name": "USN-566-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-566-1"
},
{
"name": "3126",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3126"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-2821",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2821"
},
{
"name": "30249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30249"
},
{
"name": "ADV-2007-3156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3156"
},
{
"name": "SSRT071485",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085"
},
{
"name": "31575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31575"
},
{
"name": "RHSA-2008:0855",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0855.html"
},
{
"name": "MDKSA-2007:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:236"
},
{
"name": "oval:org.mitre.oval:def:5599",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=280471"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20071115 Re: HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483748/100/200/threaded"
},
{
"name": "HPSBUX02287",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085"
},
{
"name": "27399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27399"
},
{
"name": "openssh-x11cookie-privilege-escalation(36637)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36637"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=191321"
},
{
"name": "SUSE-SR:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"name": "32241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openssh.com/txt/release-4.7",
"refsource": "CONFIRM",
"url": "http://www.openssh.com/txt/release-4.7"
},
{
"name": "GLSA-200711-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-02.xml"
},
{
"name": "oval:org.mitre.oval:def:10809",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809"
},
{
"name": "DSA-1576",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "25628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25628"
},
{
"name": "20070917 FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479760/100/0/threaded"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm"
},
{
"name": "FEDORA-2007-715",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html"
},
{
"name": "USN-566-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-566-1"
},
{
"name": "3126",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3126"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-2821",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2821"
},
{
"name": "30249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30249"
},
{
"name": "ADV-2007-3156",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3156"
},
{
"name": "SSRT071485",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085"
},
{
"name": "31575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31575"
},
{
"name": "RHSA-2008:0855",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0855.html"
},
{
"name": "MDKSA-2007:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:236"
},
{
"name": "oval:org.mitre.oval:def:5599",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=280471",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=280471"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20071115 Re: HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483748/100/200/threaded"
},
{
"name": "HPSBUX02287",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085"
},
{
"name": "27399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27399"
},
{
"name": "openssh-x11cookie-privilege-escalation(36637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36637"
},
{
"name": "https://issues.rpath.com/browse/RPL-1706",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1706"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=191321",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=191321"
},
{
"name": "SUSE-SR:2007:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"name": "32241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4752",
"datePublished": "2007-09-12T01:00:00",
"dateReserved": "2007-09-07T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0778
Vulnerability from cvelistv5
Published
2016-01-14 00:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "80698",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80698"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "80698",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/80698"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0778",
"datePublished": "2016-01-14T00:00:00",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-08-05T22:30:04.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4924
Vulnerability from cvelistv5
Published
2006-09-27 01:00
Modified
2024-08-07 19:32
Severity ?
EPSS score ?
Summary
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-06:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability"
},
{
"name": "22270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22270"
},
{
"name": "HPSBUX02178",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"name": "23038",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23038"
},
{
"name": "USN-355-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-355-1"
},
{
"name": "2006-0054",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0054"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "ADV-2006-4401",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4401"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
},
{
"name": "ADV-2009-0740",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0740"
},
{
"name": "22116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22116"
},
{
"name": "21923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21923"
},
{
"name": "24805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24805"
},
{
"name": "23340",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23340"
},
{
"name": "[2.9] 015: SECURITY FIX: October 12, 2006",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata.html#ssh"
},
{
"name": "SUSE-SR:2006:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"name": "22487",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22487"
},
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "GLSA-200611-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=148228"
},
{
"name": "22164",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22164"
},
{
"name": "102962",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1"
},
{
"name": "SUSE-SA:2006:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name": "22362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22362"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "34274",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34274"
},
{
"name": "VU#787448",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/787448"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1016931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016931"
},
{
"name": "ADV-2006-4869",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4869"
},
{
"name": "22298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22298"
},
{
"name": "22352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22352"
},
{
"name": "22236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22236"
},
{
"name": "oval:org.mitre.oval:def:1193",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193"
},
{
"name": "24799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955"
},
{
"name": "22091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22091"
},
{
"name": "SSRT061267",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"name": "22495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22495"
},
{
"name": "ADV-2007-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1332"
},
{
"name": "20216",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20216"
},
{
"name": "20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447153/100/0/threaded"
},
{
"name": "GLSA-200609-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-17.xml"
},
{
"name": "22823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22823"
},
{
"name": "FreeBSD-SA-06:22.openssh",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
},
{
"name": "SSA:2006-272-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"name": "RHSA-2006:0697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg"
},
{
"name": "ADV-2006-3777",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3777"
},
{
"name": "OpenPKG-SA-2006.022",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"name": "22183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22183"
},
{
"name": "openssh-block-dos(29158)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29158"
},
{
"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"name": "23241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23241"
},
{
"name": "ADV-2007-2119",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2119"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
},
{
"name": "22926",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22926"
},
{
"name": "29371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29371"
},
{
"name": "22208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22208"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "22245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22245"
},
{
"name": "20061001-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-661"
},
{
"name": "22196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22196"
},
{
"name": "DSA-1212",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1212"
},
{
"name": "oval:org.mitre.oval:def:10462",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462"
},
{
"name": "RHSA-2006:0698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"name": "29152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29152"
},
{
"name": "25608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25608"
},
{
"name": "22158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22158"
},
{
"name": "MDKSA-2006:179",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
},
{
"name": "DSA-1189",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
},
{
"name": "SCOSA-2008.2",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FreeBSD-SA-06:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability"
},
{
"name": "22270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22270"
},
{
"name": "HPSBUX02178",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"name": "23038",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23038"
},
{
"name": "USN-355-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-355-1"
},
{
"name": "2006-0054",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0054"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "ADV-2006-4401",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4401"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
},
{
"name": "ADV-2009-0740",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0740"
},
{
"name": "22116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22116"
},
{
"name": "21923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21923"
},
{
"name": "24805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24805"
},
{
"name": "23340",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23340"
},
{
"name": "[2.9] 015: SECURITY FIX: October 12, 2006",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata.html#ssh"
},
{
"name": "SUSE-SR:2006:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"name": "22487",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22487"
},
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "GLSA-200611-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=148228"
},
{
"name": "22164",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22164"
},
{
"name": "102962",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1"
},
{
"name": "SUSE-SA:2006:062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name": "22362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22362"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "34274",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34274"
},
{
"name": "VU#787448",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/787448"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1016931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016931"
},
{
"name": "ADV-2006-4869",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4869"
},
{
"name": "22298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22298"
},
{
"name": "22352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22352"
},
{
"name": "22236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22236"
},
{
"name": "oval:org.mitre.oval:def:1193",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193"
},
{
"name": "24799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955"
},
{
"name": "22091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22091"
},
{
"name": "SSRT061267",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"name": "22495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22495"
},
{
"name": "ADV-2007-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1332"
},
{
"name": "20216",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20216"
},
{
"name": "20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447153/100/0/threaded"
},
{
"name": "GLSA-200609-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-17.xml"
},
{
"name": "22823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22823"
},
{
"name": "FreeBSD-SA-06:22.openssh",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
},
{
"name": "SSA:2006-272-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"name": "RHSA-2006:0697",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg"
},
{
"name": "ADV-2006-3777",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3777"
},
{
"name": "OpenPKG-SA-2006.022",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"name": "22183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22183"
},
{
"name": "openssh-block-dos(29158)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29158"
},
{
"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"name": "23241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23241"
},
{
"name": "ADV-2007-2119",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2119"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
},
{
"name": "22926",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22926"
},
{
"name": "29371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29371"
},
{
"name": "22208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22208"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "22245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22245"
},
{
"name": "20061001-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-661"
},
{
"name": "22196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22196"
},
{
"name": "DSA-1212",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1212"
},
{
"name": "oval:org.mitre.oval:def:10462",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462"
},
{
"name": "RHSA-2006:0698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"name": "29152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29152"
},
{
"name": "25608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25608"
},
{
"name": "22158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22158"
},
{
"name": "MDKSA-2006:179",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
},
{
"name": "DSA-1189",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
},
{
"name": "SCOSA-2008.2",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24479"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-06:22",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=681763",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
},
{
"name": "http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability"
},
{
"name": "22270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22270"
},
{
"name": "HPSBUX02178",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"name": "23038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23038"
},
{
"name": "USN-355-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-355-1"
},
{
"name": "2006-0054",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0054"
},
{
"name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "ADV-2006-4401",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4401"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
},
{
"name": "ADV-2009-0740",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0740"
},
{
"name": "22116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22116"
},
{
"name": "21923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21923"
},
{
"name": "24805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24805"
},
{
"name": "23340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23340"
},
{
"name": "[2.9] 015: SECURITY FIX: October 12, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#ssh"
},
{
"name": "SUSE-SR:2006:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"name": "22487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22487"
},
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "GLSA-200611-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=148228",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=148228"
},
{
"name": "22164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22164"
},
{
"name": "102962",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1"
},
{
"name": "SUSE-SA:2006:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name": "22362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22362"
},
{
"name": "23680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23680"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "34274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34274"
},
{
"name": "VU#787448",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/787448"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1016931",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016931"
},
{
"name": "ADV-2006-4869",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4869"
},
{
"name": "22298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22298"
},
{
"name": "22352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22352"
},
{
"name": "22236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22236"
},
{
"name": "oval:org.mitre.oval:def:1193",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193"
},
{
"name": "24799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24799"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955"
},
{
"name": "22091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22091"
},
{
"name": "SSRT061267",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"name": "22495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22495"
},
{
"name": "ADV-2007-1332",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1332"
},
{
"name": "20216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20216"
},
{
"name": "20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447153/100/0/threaded"
},
{
"name": "GLSA-200609-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-17.xml"
},
{
"name": "22823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22823"
},
{
"name": "FreeBSD-SA-06:22.openssh",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
},
{
"name": "SSA:2006-272-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"name": "RHSA-2006:0697",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
},
{
"name": "https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg",
"refsource": "CONFIRM",
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg"
},
{
"name": "ADV-2006-3777",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3777"
},
{
"name": "OpenPKG-SA-2006.022",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"name": "22183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22183"
},
{
"name": "openssh-block-dos(29158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29158"
},
{
"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
"refsource": "MLIST",
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"name": "23241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23241"
},
{
"name": "ADV-2007-2119",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2119"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability",
"refsource": "MLIST",
"url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
},
{
"name": "22926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22926"
},
{
"name": "29371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29371"
},
{
"name": "22208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22208"
},
{
"name": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "22245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22245"
},
{
"name": "20061001-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"name": "https://issues.rpath.com/browse/RPL-661",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-661"
},
{
"name": "22196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22196"
},
{
"name": "DSA-1212",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1212"
},
{
"name": "oval:org.mitre.oval:def:10462",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462"
},
{
"name": "RHSA-2006:0698",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"name": "29152",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29152"
},
{
"name": "25608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25608"
},
{
"name": "22158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22158"
},
{
"name": "MDKSA-2006:179",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
},
{
"name": "DSA-1189",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1189"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
},
{
"name": "SCOSA-2008.2",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-4924",
"datePublished": "2006-09-27T01:00:00",
"dateReserved": "2006-09-21T00:00:00",
"dateUpdated": "2024-08-07T19:32:22.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2666
Vulnerability from cvelistv5
Published
2005-08-23 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10201 | vdb-entry, signature, x_refsource_OVAL | |
| http://secunia.com/advisories/25098 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2007-0257.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/19243 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.eweek.com/article2/0%2C1759%2C1815795%2C00.asp | x_refsource_MISC | |
| ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt | vendor-advisory, x_refsource_SCO | |
| http://nms.csail.mit.edu/projects/ssh/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:01.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10201",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10201"
},
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "RHSA-2007:0257",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0257.html"
},
{
"name": "19243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19243"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eweek.com/article2/0%2C1759%2C1815795%2C00.asp"
},
{
"name": "SCOSA-2006.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://nms.csail.mit.edu/projects/ssh/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user\u0027s account to generate a list of additional targets that are more likely to have the same password or key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10201",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10201"
},
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "RHSA-2007:0257",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0257.html"
},
{
"name": "19243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19243"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eweek.com/article2/0%2C1759%2C1815795%2C00.asp"
},
{
"name": "SCOSA-2006.11",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://nms.csail.mit.edu/projects/ssh/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user\u0027s account to generate a list of additional targets that are more likely to have the same password or key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10201",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10201"
},
{
"name": "25098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25098"
},
{
"name": "RHSA-2007:0257",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0257.html"
},
{
"name": "19243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19243"
},
{
"name": "http://www.eweek.com/article2/0,1759,1815795,00.asp",
"refsource": "MISC",
"url": "http://www.eweek.com/article2/0,1759,1815795,00.asp"
},
{
"name": "SCOSA-2006.11",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"name": "http://nms.csail.mit.edu/projects/ssh/",
"refsource": "MISC",
"url": "http://nms.csail.mit.edu/projects/ssh/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2666",
"datePublished": "2005-08-23T04:00:00",
"dateReserved": "2005-08-23T00:00:00",
"dateUpdated": "2024-08-07T22:45:01.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-36368
Vulnerability from cvelistv5
Published
2022-03-12 23:24
Modified
2024-08-04 00:54
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openssh.com/security.html | x_refsource_MISC | |
| https://github.com/openssh/openssh-portable/pull/258 | x_refsource_MISC | |
| https://bugzilla.mindrot.org/show_bug.cgi?id=3316 | x_refsource_CONFIRM | |
| https://docs.ssh-mitm.at/trivialauth.html | x_refsource_MISC | |
| https://security-tracker.debian.org/tracker/CVE-2021-36368 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/pull/258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=3316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.ssh-mitm.at/trivialauth.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-36368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user\u0027s behalf. NOTE: the vendor\u0027s position is \"this is not an authentication bypass, since nothing is being bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T14:45:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/pull/258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=3316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.ssh-mitm.at/trivialauth.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-36368"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user\u0027s behalf. NOTE: the vendor\u0027s position is \"this is not an authentication bypass, since nothing is being bypassed.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssh.com/security.html",
"refsource": "MISC",
"url": "https://www.openssh.com/security.html"
},
{
"name": "https://github.com/openssh/openssh-portable/pull/258",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/pull/258"
},
{
"name": "https://bugzilla.mindrot.org/show_bug.cgi?id=3316",
"refsource": "CONFIRM",
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=3316"
},
{
"name": "https://docs.ssh-mitm.at/trivialauth.html",
"refsource": "MISC",
"url": "https://docs.ssh-mitm.at/trivialauth.html"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2021-36368",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-36368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36368",
"datePublished": "2022-03-12T23:24:35",
"dateReserved": "2021-07-09T00:00:00",
"dateUpdated": "2024-08-04T00:54:51.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0765
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9215.php | vdb-entry, x_refsource_XF | |
| http://www.openbsd.org/errata.html#sshbsdauth | vendor-advisory, x_refsource_OPENBSD | |
| http://www.osvdb.org/5113 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/4803 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:48.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020527 OpenSSH 3.2.3 released (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html"
},
{
"name": "bsd-sshd-authentication-error(9215)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9215.php"
},
{
"name": "20020522 004: SECURITY FIX: May 22, 2002",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata.html#sshbsdauth"
},
{
"name": "5113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5113"
},
{
"name": "4803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user\u0027s password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020527 OpenSSH 3.2.3 released (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html"
},
{
"name": "bsd-sshd-authentication-error(9215)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9215.php"
},
{
"name": "20020522 004: SECURITY FIX: May 22, 2002",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata.html#sshbsdauth"
},
{
"name": "5113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5113"
},
{
"name": "4803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user\u0027s password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020527 OpenSSH 3.2.3 released (fwd)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html"
},
{
"name": "bsd-sshd-authentication-error(9215)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9215.php"
},
{
"name": "20020522 004: SECURITY FIX: May 22, 2002",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#sshbsdauth"
},
{
"name": "5113",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5113"
},
{
"name": "4803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0765",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-25T00:00:00",
"dateUpdated": "2024-08-08T03:03:48.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2760
Vulnerability from cvelistv5
Published
2008-08-04 10:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/360198 | mailing-list, x_refsource_BUGTRAQ | |
| http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.html | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/4100 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040413 Re: Fwd: [BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/360198"
},
{
"name": "20040412 BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.html"
},
{
"name": "4100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-29T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040413 Re: Fwd: [BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/360198"
},
{
"name": "20040412 BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.html"
},
{
"name": "4100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040413 Re: Fwd: [BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/360198"
},
{
"name": "20040412 BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)",
"refsource": "BUGTRAQ",
"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.html"
},
{
"name": "4100",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2760",
"datePublished": "2008-08-04T10:00:00",
"dateReserved": "2008-08-03T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0999
Vulnerability from cvelistv5
Published
2000-11-29 05:00
Modified
2024-08-08 05:37
Severity ?
EPSS score ?
Summary
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:32.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-05-08T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch",
"refsource": "MISC",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0999",
"datePublished": "2000-11-29T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:32.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0575
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/8896.php | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/4560 | vdb-entry, x_refsource_BID | |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt | vendor-advisory, x_refsource_CALDERA | |
| http://marc.info/?l=vuln-dev&m=101924296115863&w=2 | mailing-list, x_refsource_VULN-DEV | |
| http://marc.info/?l=bugtraq&m=102167972421837&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://online.securityfocus.com/archive/1/269701 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/781 | vdb-entry, x_refsource_OSVDB | |
| http://online.securityfocus.com/archive/1/268718 | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openssh-sshd-kerberos-bo(8896)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8896.php"
},
{
"name": "20020420 OpenSSH Security Advisory (adv.token)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html"
},
{
"name": "4560",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4560"
},
{
"name": "CSSA-2002-022.2",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt"
},
{
"name": "20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=101924296115863\u0026w=2"
},
{
"name": "20020517 OpenSSH 3.2.2 released (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102167972421837\u0026w=2"
},
{
"name": "20020426 Revised OpenSSH Security Advisory (adv.token)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/269701"
},
{
"name": "781",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/781"
},
{
"name": "20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/268718"
},
{
"name": "20020429 TSLSA-2002-0047 - openssh",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openssh-sshd-kerberos-bo(8896)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8896.php"
},
{
"name": "20020420 OpenSSH Security Advisory (adv.token)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html"
},
{
"name": "4560",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4560"
},
{
"name": "CSSA-2002-022.2",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt"
},
{
"name": "20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=101924296115863\u0026w=2"
},
{
"name": "20020517 OpenSSH 3.2.2 released (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102167972421837\u0026w=2"
},
{
"name": "20020426 Revised OpenSSH Security Advisory (adv.token)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/269701"
},
{
"name": "781",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/781"
},
{
"name": "20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/268718"
},
{
"name": "20020429 TSLSA-2002-0047 - openssh",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openssh-sshd-kerberos-bo(8896)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8896.php"
},
{
"name": "20020420 OpenSSH Security Advisory (adv.token)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html"
},
{
"name": "4560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4560"
},
{
"name": "CSSA-2002-022.2",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt"
},
{
"name": "20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev\u0026m=101924296115863\u0026w=2"
},
{
"name": "20020517 OpenSSH 3.2.2 released (fwd)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102167972421837\u0026w=2"
},
{
"name": "20020426 Revised OpenSSH Security Advisory (adv.token)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/269701"
},
{
"name": "781",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/781"
},
{
"name": "20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/268718"
},
{
"name": "20020429 TSLSA-2002-0047 - openssh",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0575",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-06-11T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15778
Vulnerability from cvelistv5
Published
2020-07-24 00:00
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openssh",
"vendor": "openbsd",
"versions": [
{
"lessThanOrEqual": "8.3p1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-15778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T14:59:02.714297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:18.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cpandya2909/CVE-2020-15778/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=25005567"
},
{
"name": "GLSA-202212-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-06"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T16:53:15.270364",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/security.html"
},
{
"url": "https://github.com/cpandya2909/CVE-2020-15778/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
},
{
"url": "https://news.ycombinator.com/item?id=25005567"
},
{
"name": "GLSA-202212-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-06"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3166"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15778",
"datePublished": "2020-07-24T00:00:00",
"dateReserved": "2020-07-15T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28531
Vulnerability from cvelistv5
Published
2023-03-17 00:00
Modified
2024-08-02 13:43
Severity ?
EPSS score ?
Summary
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/03/15/8"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230413-0008/"
},
{
"name": "GLSA-202307-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202307-01"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"name": "FEDORA-2024-2aac54ebb7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AN2UDTXEUSKFIOIYMV6JNI5VSBMYZOFT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T03:06:25.997488",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2023/03/15/8"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230413-0008/"
},
{
"name": "GLSA-202307-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202307-01"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"name": "FEDORA-2024-2aac54ebb7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AN2UDTXEUSKFIOIYMV6JNI5VSBMYZOFT/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28531",
"datePublished": "2023-03-17T00:00:00",
"dateReserved": "2023-03-17T00:00:00",
"dateUpdated": "2024-08-02T13:43:22.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5051
Vulnerability from cvelistv5
Published
2006-09-27 23:00
Modified
2024-08-07 19:32
Severity ?
EPSS score ?
Summary
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:23.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-06:22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
},
{
"name": "22270",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22270"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
},
{
"name": "USN-355-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-355-1"
},
{
"name": "[freebsd-security] 20061002 FreeBSD Security Advisory FreeBSD-SA-06:22.openssh",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "oval:org.mitre.oval:def:11387",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
},
{
"tags": [
"x_transferred"
],
"url": "http://openssh.org/txt/release-4.4"
},
{
"name": "24805",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/24805"
},
{
"name": "VU#851340",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/851340"
},
{
"name": "[2.9] 015: SECURITY FIX: October 12, 2006",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.openbsd.org/errata.html#ssh"
},
{
"name": "22487",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22487"
},
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
},
{
"name": "GLSA-200611-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"name": "SUSE-SA:2006:062",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name": "22362",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22362"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "22352",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22352"
},
{
"name": "ADV-2006-4329",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4329"
},
{
"name": "22236",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22236"
},
{
"name": "24799",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/24799"
},
{
"name": "ADV-2006-4018",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4018"
},
{
"name": "22495",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22495"
},
{
"name": "openssh-signal-handler-race-condition(29254)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
},
{
"name": "20241",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20241"
},
{
"name": "ADV-2007-1332",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1332"
},
{
"name": "29264",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.osvdb.org/29264"
},
{
"name": "22823",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22823"
},
{
"name": "FreeBSD-SA-06:22.openssh",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
},
{
"name": "SSA:2006-272-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"name": "RHSA-2006:0697",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
},
{
"name": "OpenPKG-SA-2006.022",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"name": "22183",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22183"
},
{
"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
},
{
"name": "22926",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22926"
},
{
"name": "22173",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22173"
},
{
"name": "1016940",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016940"
},
{
"name": "22208",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22208"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "22245",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22245"
},
{
"name": "20061001-01-P",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"name": "22196",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22196"
},
{
"name": "DSA-1212",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1212"
},
{
"name": "RHSA-2006:0698",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"name": "22158",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/22158"
},
{
"name": "MDKSA-2006:179",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
},
{
"name": "DSA-1189",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1189"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/24479"
},
{
"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
},
{
"name": "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T00:34:17.921429",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FreeBSD-SA-06:22",
"tags": [
"vendor-advisory"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
},
{
"url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
},
{
"name": "22270",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22270"
},
{
"url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
},
{
"name": "USN-355-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/usn-355-1"
},
{
"name": "[freebsd-security] 20061002 FreeBSD Security Advisory FreeBSD-SA-06:22.openssh",
"tags": [
"mailing-list"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
},
{
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "oval:org.mitre.oval:def:11387",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
},
{
"url": "http://openssh.org/txt/release-4.4"
},
{
"name": "24805",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/24805"
},
{
"name": "VU#851340",
"tags": [
"third-party-advisory"
],
"url": "http://www.kb.cert.org/vuls/id/851340"
},
{
"name": "[2.9] 015: SECURITY FIX: October 12, 2006",
"tags": [
"vendor-advisory"
],
"url": "http://www.openbsd.org/errata.html#ssh"
},
{
"name": "22487",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22487"
},
{
"name": "TA07-072A",
"tags": [
"third-party-advisory"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
},
{
"name": "GLSA-200611-06",
"tags": [
"vendor-advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"name": "SUSE-SA:2006:062",
"tags": [
"vendor-advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name": "22362",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22362"
},
{
"name": "23680",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "22352",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22352"
},
{
"name": "ADV-2006-4329",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2006/4329"
},
{
"name": "22236",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22236"
},
{
"name": "24799",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/24799"
},
{
"name": "ADV-2006-4018",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2006/4018"
},
{
"name": "22495",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22495"
},
{
"name": "openssh-signal-handler-race-condition(29254)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
},
{
"name": "20241",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/20241"
},
{
"name": "ADV-2007-1332",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2007/1332"
},
{
"name": "29264",
"tags": [
"vdb-entry"
],
"url": "http://www.osvdb.org/29264"
},
{
"name": "22823",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22823"
},
{
"name": "FreeBSD-SA-06:22.openssh",
"tags": [
"vendor-advisory"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
},
{
"name": "SSA:2006-272-02",
"tags": [
"vendor-advisory"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"name": "RHSA-2006:0697",
"tags": [
"vendor-advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
},
{
"name": "OpenPKG-SA-2006.022",
"tags": [
"vendor-advisory"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"name": "22183",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22183"
},
{
"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability",
"tags": [
"mailing-list"
],
"url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
},
{
"name": "22926",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22926"
},
{
"name": "22173",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22173"
},
{
"name": "1016940",
"tags": [
"vdb-entry"
],
"url": "http://securitytracker.com/id?1016940"
},
{
"name": "22208",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22208"
},
{
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "22245",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22245"
},
{
"name": "20061001-01-P",
"tags": [
"vendor-advisory"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"name": "22196",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22196"
},
{
"name": "DSA-1212",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1212"
},
{
"name": "RHSA-2006:0698",
"tags": [
"vendor-advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"name": "22158",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/22158"
},
{
"name": "MDKSA-2006:179",
"tags": [
"vendor-advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
},
{
"name": "DSA-1189",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1189"
},
{
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
},
{
"name": "24479",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/24479"
},
{
"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
},
{
"name": "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-5051",
"datePublished": "2006-09-27T23:00:00",
"dateReserved": "2006-09-27T00:00:00",
"dateUpdated": "2024-08-07T19:32:23.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0572
Vulnerability from cvelistv5
Published
2001-07-27 04:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.redhat.com/support/errata/RHSA-2001-033.html | vendor-advisory, x_refsource_REDHAT | |
| http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html | mailing-list, x_refsource_BUGTRAQ | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000391 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.kb.cert.org/vuls/id/596827 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2001:033",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3"
},
{
"name": "RHSA-2001:033",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-033.html"
},
{
"name": "20010318 Passive Analysis of SSH (Secure Shell) Traffic",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html"
},
{
"name": "CLA-2001:391",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000391"
},
{
"name": "VU#596827",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/596827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2001:033",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3"
},
{
"name": "RHSA-2001:033",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-033.html"
},
{
"name": "20010318 Passive Analysis of SSH (Secure Shell) Traffic",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html"
},
{
"name": "CLA-2001:391",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000391"
},
{
"name": "VU#596827",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/596827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2001:033",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3"
},
{
"name": "RHSA-2001:033",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-033.html"
},
{
"name": "20010318 Passive Analysis of SSH (Secure Shell) Traffic",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html"
},
{
"name": "CLA-2001:391",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000391"
},
{
"name": "VU#596827",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/596827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0572",
"datePublished": "2001-07-27T04:00:00",
"dateReserved": "2001-07-27T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1908
Vulnerability from cvelistv5
Published
2017-04-11 00:00
Modified
2024-08-05 23:10
Severity ?
EPSS score ?
Summary
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c"
},
{
"name": "[oss-security] 20160115 Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2016/01/15/13"
},
{
"name": "1034705",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034705"
},
{
"name": "RHSA-2016:0741",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298741"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "84427",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84427"
},
{
"name": "RHSA-2016:0465",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://www.openssh.com/txt/release-7.2"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c"
},
{
"name": "[oss-security] 20160115 Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://openwall.com/lists/oss-security/2016/01/15/13"
},
{
"name": "1034705",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034705"
},
{
"name": "RHSA-2016:0741",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298741"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "84427",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/84427"
},
{
"name": "RHSA-2016:0465",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-1908",
"datePublished": "2017-04-11T00:00:00",
"dateReserved": "2016-01-15T00:00:00",
"dateUpdated": "2024-08-05T23:10:40.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6210
Vulnerability from cvelistv5
Published
2017-02-13 00:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2563",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2563"
},
{
"name": "1036319",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036319"
},
{
"name": "20160714 opensshd - user enumeration",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jul/51"
},
{
"name": "DSA-3626",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3626"
},
{
"name": "40136",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40136/"
},
{
"name": "40113",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40113/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.3"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "91812",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91812"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190206-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:2563",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2563"
},
{
"name": "1036319",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036319"
},
{
"name": "20160714 opensshd - user enumeration",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2016/Jul/51"
},
{
"name": "DSA-3626",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3626"
},
{
"name": "40136",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40136/"
},
{
"name": "40113",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40113/"
},
{
"url": "https://www.openssh.com/txt/release-7.3"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "91812",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91812"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190206-0001/"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6210",
"datePublished": "2017-02-13T00:00:00",
"dateReserved": "2016-07-13T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0529
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IMNX-2001-70-034-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"name": "openssh-symlink-file-deletion(6676)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6676"
},
{
"name": "20010612",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata29.html"
},
{
"name": "20010604 SSH allows deletion of other users files...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html"
},
{
"name": "20010604 Re: SSH allows deletion of other users files...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html"
},
{
"name": "20010605 OpenSSH_2.5.2p2 RH7.0 \u003c- version info",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/188737"
},
{
"name": "NetBSD-SA2001-010",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc"
},
{
"name": "CSSA-2001-023.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt"
},
{
"name": "VU#655259",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/655259"
},
{
"name": "2825",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2825"
},
{
"name": "1853",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1853"
},
{
"name": "CLA-2001:431",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named \u0027cookies\u0027 via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "IMNX-2001-70-034-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"name": "openssh-symlink-file-deletion(6676)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6676"
},
{
"name": "20010612",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata29.html"
},
{
"name": "20010604 SSH allows deletion of other users files...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html"
},
{
"name": "20010604 Re: SSH allows deletion of other users files...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html"
},
{
"name": "20010605 OpenSSH_2.5.2p2 RH7.0 \u003c- version info",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/188737"
},
{
"name": "NetBSD-SA2001-010",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc"
},
{
"name": "CSSA-2001-023.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt"
},
{
"name": "VU#655259",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/655259"
},
{
"name": "2825",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2825"
},
{
"name": "1853",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1853"
},
{
"name": "CLA-2001:431",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named \u0027cookies\u0027 via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IMNX-2001-70-034-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"name": "openssh-symlink-file-deletion(6676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6676"
},
{
"name": "20010612",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata29.html"
},
{
"name": "20010604 SSH allows deletion of other users files...",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html"
},
{
"name": "20010604 Re: SSH allows deletion of other users files...",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html"
},
{
"name": "20010605 OpenSSH_2.5.2p2 RH7.0 \u003c- version info",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/188737"
},
{
"name": "NetBSD-SA2001-010",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc"
},
{
"name": "CSSA-2001-023.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt"
},
{
"name": "VU#655259",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/655259"
},
{
"name": "2825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2825"
},
{
"name": "1853",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1853"
},
{
"name": "CLA-2001:431",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0529",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-06-18T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6109
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4387",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
},
{
"name": "USN-3885-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
},
{
"tags": [
"x_transferred"
],
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"name": "FEDORA-2019-0f4190cdb0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
},
{
"name": "openSUSE-SU-2019:1602",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3702",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4387",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
},
{
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
},
{
"name": "USN-3885-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"
},
{
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"name": "FEDORA-2019-0f4190cdb0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
},
{
"name": "openSUSE-SU-2019:1602",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3702",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6109",
"datePublished": "2019-01-31T00:00:00",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5794
Vulnerability from cvelistv5
Published
2006-11-08 20:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017183",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017183"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=461854\u0026group_id=69227"
},
{
"name": "22932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22932"
},
{
"name": "22773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22773"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-766"
},
{
"name": "22872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22872"
},
{
"name": "22772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22772"
},
{
"name": "ADV-2006-4399",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4399"
},
{
"name": "23513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "SUSE-SR:2006:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "24055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24055"
},
{
"name": "22771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22771"
},
{
"name": "openssh-separation-verificaton-weakness(30120)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm"
},
{
"name": "ADV-2006-4400",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4400"
},
{
"name": "20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451100/100/0/threaded"
},
{
"name": "22778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22778"
},
{
"name": "22814",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22814"
},
{
"name": "oval:org.mitre.oval:def:11840",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840"
},
{
"name": "20956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20956"
},
{
"name": "MDKSA-2006:204",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:204"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.org/txt/release-4.5"
},
{
"name": "20061201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "OpenPKG-SA-2006.032",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "RHSA-2006:0738",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0738.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1017183",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=461854\u0026group_id=69227"
},
{
"name": "22932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22932"
},
{
"name": "22773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22773"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-766"
},
{
"name": "22872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22872"
},
{
"name": "22772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22772"
},
{
"name": "ADV-2006-4399",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4399"
},
{
"name": "23513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "SUSE-SR:2006:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "24055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24055"
},
{
"name": "22771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22771"
},
{
"name": "openssh-separation-verificaton-weakness(30120)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm"
},
{
"name": "ADV-2006-4400",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4400"
},
{
"name": "20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451100/100/0/threaded"
},
{
"name": "22778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22778"
},
{
"name": "22814",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22814"
},
{
"name": "oval:org.mitre.oval:def:11840",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840"
},
{
"name": "20956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20956"
},
{
"name": "MDKSA-2006:204",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:204"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.org/txt/release-4.5"
},
{
"name": "20061201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "OpenPKG-SA-2006.032",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "RHSA-2006:0738",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0738.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-5794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017183",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017183"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=461854\u0026group_id=69227",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=461854\u0026group_id=69227"
},
{
"name": "22932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22932"
},
{
"name": "22773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22773"
},
{
"name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
},
{
"name": "https://issues.rpath.com/browse/RPL-766",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-766"
},
{
"name": "22872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22872"
},
{
"name": "22772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22772"
},
{
"name": "ADV-2006-4399",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4399"
},
{
"name": "23513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23513"
},
{
"name": "23680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23680"
},
{
"name": "SUSE-SR:2006:026",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "24055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24055"
},
{
"name": "22771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22771"
},
{
"name": "openssh-separation-verificaton-weakness(30120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30120"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm"
},
{
"name": "ADV-2006-4400",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4400"
},
{
"name": "20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451100/100/0/threaded"
},
{
"name": "22778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22778"
},
{
"name": "22814",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22814"
},
{
"name": "oval:org.mitre.oval:def:11840",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840"
},
{
"name": "20956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20956"
},
{
"name": "MDKSA-2006:204",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:204"
},
{
"name": "http://www.openssh.org/txt/release-4.5",
"refsource": "CONFIRM",
"url": "http://www.openssh.org/txt/release-4.5"
},
{
"name": "20061201-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
},
{
"name": "OpenPKG-SA-2006.032",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html"
},
{
"name": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"name": "RHSA-2006:0738",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0738.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-5794",
"datePublished": "2006-11-08T20:00:00",
"dateReserved": "2006-11-08T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3844
Vulnerability from cvelistv5
Published
2008-08-27 20:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm | x_refsource_CONFIRM | |
| http://www.redhat.com/security/data/openssh-blacklist.html | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/2821 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/31575 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2008-0855.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44747 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1020730 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/30794 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32241 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.redhat.com/security/data/openssh-blacklist.html"
},
{
"name": "ADV-2008-2821",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2821"
},
{
"name": "31575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31575"
},
{
"name": "RHSA-2008:0855",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0855.html"
},
{
"name": "openssh-rhel-backdoor(44747)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44747"
},
{
"name": "1020730",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020730"
},
{
"name": "30794",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30794"
},
{
"name": "32241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.redhat.com/security/data/openssh-blacklist.html"
},
{
"name": "ADV-2008-2821",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2821"
},
{
"name": "31575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31575"
},
{
"name": "RHSA-2008:0855",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0855.html"
},
{
"name": "openssh-rhel-backdoor(44747)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44747"
},
{
"name": "1020730",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020730"
},
{
"name": "30794",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30794"
},
{
"name": "32241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm"
},
{
"name": "http://www.redhat.com/security/data/openssh-blacklist.html",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/security/data/openssh-blacklist.html"
},
{
"name": "ADV-2008-2821",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2821"
},
{
"name": "31575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31575"
},
{
"name": "RHSA-2008:0855",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0855.html"
},
{
"name": "openssh-rhel-backdoor(44747)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44747"
},
{
"name": "1020730",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020730"
},
{
"name": "30794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30794"
},
{
"name": "32241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3844",
"datePublished": "2008-08-27T20:00:00",
"dateReserved": "2008-08-27T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9278
Vulnerability from cvelistv5
Published
2014-12-06 15:00
Modified
2024-08-06 13:40
Severity ?
EPSS score ?
Summary
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/71420 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2014/12/04/17 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2015-0425.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1169843 | x_refsource_CONFIRM | |
| https://bugzilla.mindrot.org/show_bug.cgi?id=1867 | x_refsource_CONFIRM | |
| http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99090 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2014/12/02/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "71420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71420"
},
{
"name": "[oss-security] 20141204 Re: CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/04/17"
},
{
"name": "RHSA-2015:0425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169843"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=1867"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855"
},
{
"name": "openssh-gssservkrb5-sec-bypass(99090)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99090"
},
{
"name": "[oss-security] 20141202 CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/02/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "71420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71420"
},
{
"name": "[oss-security] 20141204 Re: CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/04/17"
},
{
"name": "RHSA-2015:0425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169843"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=1867"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855"
},
{
"name": "openssh-gssservkrb5-sec-bypass(99090)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99090"
},
{
"name": "[oss-security] 20141202 CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/02/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-9278",
"datePublished": "2014-12-06T15:00:00",
"dateReserved": "2014-12-04T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0361
Vulnerability from cvelistv5
Published
2001-09-18 04:00
Modified
2024-08-08 04:14
Severity ?
EPSS score ?
Summary
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/2344 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/2116 | vdb-entry, x_refsource_OSVDB | |
| http://www.debian.org/security/2001/dsa-027 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2001/dsa-023 | vendor-advisory, x_refsource_DEBIAN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6082 | vdb-entry, x_refsource_XF | |
| http://www.ciac.org/ciac/bulletins/l-047.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://www.debian.org/security/2001/dsa-086 | vendor-advisory, x_refsource_DEBIAN | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://marc.info/?l=bugtraq&m=98158450021686&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.novell.com/linux/security/advisories/adv004_ssh.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:07.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2344",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2344"
},
{
"name": "2116",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2116"
},
{
"name": "DSA-027",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-027"
},
{
"name": "DSA-023",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-023"
},
{
"name": "ssh-session-key-recovery(6082)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6082"
},
{
"name": "L-047",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/l-047.shtml"
},
{
"name": "DSA-086",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-086"
},
{
"name": "FreeBSD-SA-01:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc"
},
{
"name": "20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98158450021686\u0026w=2"
},
{
"name": "SuSE-SA:2001:04",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/adv004_ssh.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a \"Bleichenbacher attack\" on PKCS#1 version 1.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2344",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2344"
},
{
"name": "2116",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2116"
},
{
"name": "DSA-027",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-027"
},
{
"name": "DSA-023",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-023"
},
{
"name": "ssh-session-key-recovery(6082)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6082"
},
{
"name": "L-047",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/l-047.shtml"
},
{
"name": "DSA-086",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-086"
},
{
"name": "FreeBSD-SA-01:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc"
},
{
"name": "20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98158450021686\u0026w=2"
},
{
"name": "SuSE-SA:2001:04",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/adv004_ssh.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a \"Bleichenbacher attack\" on PKCS#1 version 1.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2344"
},
{
"name": "2116",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2116"
},
{
"name": "DSA-027",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-027"
},
{
"name": "DSA-023",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-023"
},
{
"name": "ssh-session-key-recovery(6082)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6082"
},
{
"name": "L-047",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/l-047.shtml"
},
{
"name": "DSA-086",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-086"
},
{
"name": "FreeBSD-SA-01:24",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc"
},
{
"name": "20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=98158450021686\u0026w=2"
},
{
"name": "SuSE-SA:2001:04",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/adv004_ssh.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0361",
"datePublished": "2001-09-18T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:14:07.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4109
Vulnerability from cvelistv5
Published
2008-09-17 18:06
Modified
2024-08-07 10:00
Severity ?
EPSS score ?
Summary
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/usn-649-1 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45202 | vdb-entry | |
| http://secunia.com/advisories/31885 | third-party-advisory | |
| http://www.securitytracker.com/id?1020891 | vdb-entry | |
| http://www.debian.org/security/2008/dsa-1638 | vendor-advisory | |
| http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html | vendor-advisory | |
| http://secunia.com/advisories/32080 | third-party-advisory | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678 | ||
| http://secunia.com/advisories/32181 | third-party-advisory | |
| http://www.openwall.com/lists/oss-security/2024/07/01/3 | mailing-list |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2008-4109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T17:46:27.119928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T17:46:34.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-649-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"name": "openssh-signalhandler-dos(45202)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45202"
},
{
"name": "31885",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/31885"
},
{
"name": "1020891",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020891"
},
{
"name": "DSA-1638",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1638"
},
{
"name": "SUSE-SR:2008:020",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"name": "32080",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/32080"
},
{
"tags": [
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678"
},
{
"name": "32181",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/32181"
},
{
"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T10:06:08.789359",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-649-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"name": "openssh-signalhandler-dos(45202)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45202"
},
{
"name": "31885",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/31885"
},
{
"name": "1020891",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id?1020891"
},
{
"name": "DSA-1638",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1638"
},
{
"name": "SUSE-SR:2008:020",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"name": "32080",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/32080"
},
{
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678"
},
{
"name": "32181",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/32181"
},
{
"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4109",
"datePublished": "2008-09-17T18:06:00",
"dateReserved": "2008-09-16T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10708
Vulnerability from cvelistv5
Published
2018-01-21 22:00
Modified
2024-08-06 03:30
Severity ?
EPSS score ?
Summary
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openssh.com/releasenotes.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20180423-0003/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html | mailing-list, x_refsource_MLIST | |
| https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737 | x_refsource_MISC | |
| https://usn.ubuntu.com/3809-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/102780 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html | mailing-list, x_refsource_MLIST | |
| http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html | x_refsource_MISC | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10284 | x_refsource_CONFIRM | |
| https://support.f5.com/csp/article/K32485746?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:30:20.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/releasenotes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180423-0003/"
},
{
"name": "[debian-lts-announce] 20180126 [SECURITY] [DLA 1257-1] openssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"
},
{
"name": "USN-3809-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3809-1/"
},
{
"name": "102780",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102780"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T12:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/releasenotes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180423-0003/"
},
{
"name": "[debian-lts-announce] 20180126 [SECURITY] [DLA 1257-1] openssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"
},
{
"name": "USN-3809-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3809-1/"
},
{
"name": "102780",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102780"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssh.com/releasenotes.html",
"refsource": "MISC",
"url": "https://www.openssh.com/releasenotes.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180423-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180423-0003/"
},
{
"name": "[debian-lts-announce] 20180126 [SECURITY] [DLA 1257-1] openssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html"
},
{
"name": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737",
"refsource": "MISC",
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"
},
{
"name": "USN-3809-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3809-1/"
},
{
"name": "102780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102780"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html",
"refsource": "MISC",
"url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"name": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10708",
"datePublished": "2018-01-21T22:00:00",
"dateReserved": "2018-01-21T00:00:00",
"dateUpdated": "2024-08-06T03:30:20.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3115
Vulnerability from cvelistv5
Published
2016-03-22 10:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssh.com/txt/x11fwd.adv"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
},
{
"name": "FreeBSD-SA-16:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "39569",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39569/"
},
{
"name": "RHSA-2016:0466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
},
{
"name": "1035249",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035249"
},
{
"name": "FEDORA-2016-fc1cc33e05",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h"
},
{
"name": "FEDORA-2016-d339d610c1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa121"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"name": "84314",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84314"
},
{
"name": "FEDORA-2016-0bcab055a7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "FEDORA-2016-08e5803496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
},
{
"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/47"
},
{
"name": "RHSA-2016:0465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
},
{
"name": "FEDORA-2016-188267b485",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
},
{
"name": "20160314 CVE-2016-3115 - OpenSSH \u003c=7.2p1 xauth injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/46"
},
{
"name": "FEDORA-2016-bb59db3c86",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssh.com/txt/x11fwd.adv"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
},
{
"name": "FreeBSD-SA-16:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "39569",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39569/"
},
{
"name": "RHSA-2016:0466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
},
{
"name": "1035249",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035249"
},
{
"name": "FEDORA-2016-fc1cc33e05",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h"
},
{
"name": "FEDORA-2016-d339d610c1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa121"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"name": "84314",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84314"
},
{
"name": "FEDORA-2016-0bcab055a7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "FEDORA-2016-08e5803496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
},
{
"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/47"
},
{
"name": "RHSA-2016:0465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
},
{
"name": "FEDORA-2016-188267b485",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
},
{
"name": "20160314 CVE-2016-3115 - OpenSSH \u003c=7.2p1 xauth injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/46"
},
{
"name": "FEDORA-2016-bb59db3c86",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openssh.com/txt/x11fwd.adv",
"refsource": "CONFIRM",
"url": "http://www.openssh.com/txt/x11fwd.adv"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115",
"refsource": "MISC",
"url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
},
{
"name": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
},
{
"name": "FreeBSD-SA-16:14",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "39569",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39569/"
},
{
"name": "RHSA-2016:0466",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
},
{
"name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c",
"refsource": "CONFIRM",
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
},
{
"name": "1035249",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035249"
},
{
"name": "FEDORA-2016-fc1cc33e05",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h"
},
{
"name": "FEDORA-2016-d339d610c1",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa121",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa121"
},
{
"name": "GLSA-201612-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"name": "84314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84314"
},
{
"name": "FEDORA-2016-0bcab055a7",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "FEDORA-2016-08e5803496",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
},
{
"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/47"
},
{
"name": "RHSA-2016:0465",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
},
{
"name": "FEDORA-2016-188267b485",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
},
{
"name": "20160314 CVE-2016-3115 - OpenSSH \u003c=7.2p1 xauth injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/46"
},
{
"name": "FEDORA-2016-bb59db3c86",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3115",
"datePublished": "2016-03-22T10:00:00",
"dateReserved": "2016-03-10T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2532
Vulnerability from cvelistv5
Published
2014-03-18 01:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "59855",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59855"
},
{
"name": "57574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57574"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0143.html"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "HPSBUX03188",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "57488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57488"
},
{
"name": "MDVSA-2015:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "59313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59313"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "FEDORA-2014-6380",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"
},
{
"name": "DSA-2894",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2894"
},
{
"name": "RHSA-2014:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"
},
{
"name": "1029925",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029925"
},
{
"name": "[security-announce] 20140315 Announce: OpenSSH 6.6 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=139492048027313\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "USN-2155-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2155-1"
},
{
"name": "FEDORA-2014-6569",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"
},
{
"name": "openssh-cve20142532-sec-bypass(91986)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91986"
},
{
"name": "MDVSA-2014:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"
},
{
"name": "66355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "59855",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59855"
},
{
"name": "57574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57574"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0143.html"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "HPSBUX03188",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "57488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57488"
},
{
"name": "MDVSA-2015:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "59313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59313"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "FEDORA-2014-6380",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"
},
{
"name": "DSA-2894",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2894"
},
{
"name": "RHSA-2014:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"
},
{
"name": "1029925",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029925"
},
{
"name": "[security-announce] 20140315 Announce: OpenSSH 6.6 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=139492048027313\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "USN-2155-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2155-1"
},
{
"name": "FEDORA-2014-6569",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"
},
{
"name": "openssh-cve20142532-sec-bypass(91986)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91986"
},
{
"name": "MDVSA-2014:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"
},
{
"name": "66355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "59855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59855"
},
{
"name": "57574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57574"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0143.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0143.html"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "HPSBUX03188",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "SSRT101487",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"name": "57488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57488"
},
{
"name": "MDVSA-2015:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "59313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59313"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "FEDORA-2014-6380",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"
},
{
"name": "DSA-2894",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2894"
},
{
"name": "RHSA-2014:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"
},
{
"name": "1029925",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029925"
},
{
"name": "[security-announce] 20140315 Announce: OpenSSH 6.6 released",
"refsource": "MLIST",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=139492048027313\u0026w=2"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "USN-2155-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2155-1"
},
{
"name": "FEDORA-2014-6569",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"
},
{
"name": "openssh-cve20142532-sec-bypass(91986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91986"
},
{
"name": "MDVSA-2014:068",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"
},
{
"name": "66355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2532",
"datePublished": "2014-03-18T01:00:00",
"dateReserved": "2014-03-17T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-5000
Vulnerability from cvelistv5
Published
2012-04-04 10:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2011/Aug/2 | mailing-list, x_refsource_FULLDISC | |
| http://rhn.redhat.com/errata/RHSA-2012-0884.html | vendor-advisory, x_refsource_REDHAT | |
| http://site.pi3.com.pl/adv/ssh_1.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110801 Useless OpenSSH resources exhausion bug via GSSAPI",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2011/Aug/2"
},
{
"name": "RHSA-2012:0884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://site.pi3.com.pl/adv/ssh_1.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110801 Useless OpenSSH resources exhausion bug via GSSAPI",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2011/Aug/2"
},
{
"name": "RHSA-2012:0884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://site.pi3.com.pl/adv/ssh_1.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110801 Useless OpenSSH resources exhausion bug via GSSAPI",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Aug/2"
},
{
"name": "RHSA-2012:0884",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"
},
{
"name": "http://site.pi3.com.pl/adv/ssh_1.txt",
"refsource": "MISC",
"url": "http://site.pi3.com.pl/adv/ssh_1.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5000",
"datePublished": "2012-04-04T10:00:00",
"dateReserved": "2011-12-24T00:00:00",
"dateUpdated": "2024-08-07T00:23:39.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3102
Vulnerability from cvelistv5
Published
2007-10-18 20:00
Modified
2024-08-07 14:05
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28319",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28319"
},
{
"name": "RHSA-2007:0555",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"
},
{
"name": "FEDORA-2007-715",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html"
},
{
"name": "27588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27588"
},
{
"name": "oval:org.mitre.oval:def:11124",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"name": "39214",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39214"
},
{
"name": "RHSA-2007:0737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248059"
},
{
"name": "27235",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27235"
},
{
"name": "RHSA-2007:0703",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"name": "28320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28320"
},
{
"name": "RHSA-2007:0540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"name": "27590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"
},
{
"name": "26097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "28319",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28319"
},
{
"name": "RHSA-2007:0555",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"
},
{
"name": "FEDORA-2007-715",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html"
},
{
"name": "27588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27588"
},
{
"name": "oval:org.mitre.oval:def:11124",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"name": "39214",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39214"
},
{
"name": "RHSA-2007:0737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248059"
},
{
"name": "27235",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27235"
},
{
"name": "RHSA-2007:0703",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"name": "28320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28320"
},
{
"name": "RHSA-2007:0540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"name": "27590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"
},
{
"name": "26097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-3102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28319",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28319"
},
{
"name": "RHSA-2007:0555",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"
},
{
"name": "FEDORA-2007-715",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html"
},
{
"name": "27588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27588"
},
{
"name": "oval:org.mitre.oval:def:11124",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"name": "39214",
"refsource": "OSVDB",
"url": "http://osvdb.org/39214"
},
{
"name": "RHSA-2007:0737",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=248059",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248059"
},
{
"name": "27235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27235"
},
{
"name": "RHSA-2007:0703",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"name": "28320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28320"
},
{
"name": "RHSA-2007:0540",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"name": "27590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27590"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"
},
{
"name": "26097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-3102",
"datePublished": "2007-10-18T20:00:00",
"dateReserved": "2007-06-07T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-26465
Vulnerability from cvelistv5
Published
2025-02-18 18:27
Modified
2025-05-16 14:01
Severity ?
EPSS score ?
Summary
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2025:3837 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:6993 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2025-26465 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2344780 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 6.8p1 < |
||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-03T17:48:15.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/02/18/1"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/02/18/4"
},
{
"url": "https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1237040"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-26465"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig"
},
{
"url": "https://ubuntu.com/security/CVE-2025-26465"
},
{
"url": "https://www.openssh.com/releasenotes.html#9.9p2"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466"
},
{
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250228-0003/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26465",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T15:02:09.369445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:02:45.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://seclists.org/oss-sec/2025/q1/144"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.openssh.com/",
"defaultStatus": "unaffected",
"packageName": "OpenSSH",
"repo": "https://anongit.mindrot.org/openssh.git",
"versions": [
{
"lessThanOrEqual": "9.9p1",
"status": "affected",
"version": "6.8p1",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-45.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-45.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-38.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unknown",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-390",
"description": "Detection of Error Condition Without Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T14:01:39.226Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:3837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3837"
},
{
"name": "RHSA-2025:6993",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:6993"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26465"
},
{
"name": "RHBZ#2344780",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-10T21:56:03.853000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-17T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26465",
"datePublished": "2025-02-18T18:27:16.843Z",
"dateReserved": "2025-02-10T18:31:47.978Z",
"dateUpdated": "2025-05-16T14:01:39.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-01-10 21:29
Modified
2024-11-21 04:01
Severity ?
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC",
"versionEndIncluding": "7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A98E2-B715-4EF5-9CF8-07500E119271",
"versionEndIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
"matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271CACEB-10F5-4CA8-9C99-3274F18EE62D",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "433EEE1B-134C-48F9-8688-23C5F1ABBF0F",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47FFEE5C-5DAE-4FAD-9651-7983DE092120",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66D6EF49-7094-41D9-BDF5-AE5846E37418",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6593DA00-EE33-4223-BEAE-8DC629E79287",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67E048EC-4A4F-4F0A-B0B5-F234700293DA",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "483F5457-7E06-46F3-A808-194289B98AFF",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5644E3E-941A-429A-9AFB-C1023659C1C2",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1318DD-6AF4-490D-A4AE-079BA544EF8F",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5",
"versionEndExcluding": "3.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229",
"versionEndExcluding": "3.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side."
},
{
"lang": "es",
"value": "En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo \".\" o un nombre de archivo vac\u00edo. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente."
}
],
"id": "CVE-2018-20685",
"lastModified": "2024-11-21T04:01:59.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-10T21:29:00.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/106531"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-53"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/106531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-19 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | 1.2 | |
| openbsd | openssh | 1.2.3 | |
| ssh | ssh | 1.2.14 | |
| ssh | ssh | 1.2.15 | |
| ssh | ssh | 1.2.16 | |
| ssh | ssh | 1.2.17 | |
| ssh | ssh | 1.2.18 | |
| ssh | ssh | 1.2.19 | |
| ssh | ssh | 1.2.20 | |
| ssh | ssh | 1.2.21 | |
| ssh | ssh | 1.2.22 | |
| ssh | ssh | 1.2.23 | |
| ssh | ssh | 1.2.24 | |
| ssh | ssh | 1.2.25 | |
| ssh | ssh | 1.2.26 | |
| ssh | ssh | 1.2.27 | |
| ssh | ssh | 1.2.28 | |
| ssh | ssh | 1.2.29 | |
| ssh | ssh | 1.2.30 | |
| ssh | ssh | 1.2.31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "41BF66ED-CB08-440E-AC05-A31371B7A380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EE3216-D8FF-43F0-9329-6676E2CEC250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9310E12D-1136-4AD6-9678-8ADCD9EE58C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEDF399-58DE-491A-8B51-87E0392FF9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDF2DE8-8559-4BED-80AE-E1420BBF4043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "23EB8421-76BF-47D1-B294-68412D5E4572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D9560989-5342-4C6B-974F-7D90C467BA39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "971835AF-E908-4C74-9DE0-167349138DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D49C5-54B4-4437-A2D3-3EBFA1D9A3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "926B57D7-009C-4317-ACFB-98551FADC5B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EDBA45-FDEE-4D4B-A6FF-7E953B523DAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF5BDEF-E86B-4F4D-AF6D-B27044A96B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0FF07F-E13B-425F-9892-C50B326B2944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "338EDA76-05D6-48C0-952E-6244A5F206F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F719468E-A218-4EB5-9F8D-7841E84F44C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4FCD36-0009-4A93-A190-8FDD11C672CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "71727854-1B75-465F-AF8C-DFE6EFF46B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "64B76EA2-D3A6-4751-ADE6-998C2A7B44FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack."
}
],
"id": "CVE-2000-0992",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html"
},
{
"source": "cve@mitre.org",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:057"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1742"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5312"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-21 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_storage_node | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D7D468-C829-4A4E-8865-E62D8EC5E274",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243."
},
{
"lang": "es",
"value": "OpenSSH, cuando utiliza OPIE(One-Time Passwords in Everything) para PAM, permiet a atacantes remotos determinar la existencia de ciertas cuentas de usuarios, lo cual muestra una respuesta diferente si la cuenta de usuario existe y si est\u00e1 configurada para utilizar one-time passwords (OTP), un asunto similar es el CVE-2007-2243."
}
],
"id": "CVE-2007-2768",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-21T20:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/34601"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191107-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/34601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191107-0002/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. OPIE for PAM is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
"lastModified": "2007-05-23T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "689B5DE2-D3F3-49D6-8C80-AFE4EAFEE092",
"versionEndIncluding": "2.9.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands."
}
],
"id": "CVE-2001-0816",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
},
{
"source": "cve@mitre.org",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5536"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2001-154.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2001-154.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7634"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-23 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | 3.0 | |
| openbsd | openssh | 3.0.1 | |
| openbsd | openssh | 3.0.1p1 | |
| openbsd | openssh | 3.0.2 | |
| openbsd | openssh | 3.0.2p1 | |
| openbsd | openssh | 3.0p1 | |
| openbsd | openssh | 3.1 | |
| openbsd | openssh | 3.1p1 | |
| openbsd | openssh | 3.2 | |
| openbsd | openssh | 3.2.2p1 | |
| openbsd | openssh | 3.2.3p1 | |
| openbsd | openssh | 3.3 | |
| openbsd | openssh | 3.3p1 | |
| openbsd | openssh | 3.4 | |
| openbsd | openssh | 3.4p1 | |
| openbsd | openssh | 3.5 | |
| openbsd | openssh | 3.5p1 | |
| openbsd | openssh | 3.6 | |
| openbsd | openssh | 3.6.1 | |
| openbsd | openssh | 3.6.1p1 | |
| openbsd | openssh | 3.6.1p2 | |
| openbsd | openssh | 3.7 | |
| openbsd | openssh | 3.7.1 | |
| openbsd | openssh | 3.7.1p2 | |
| openbsd | openssh | 3.8 | |
| openbsd | openssh | 3.8.1 | |
| openbsd | openssh | 3.8.1p1 | |
| openbsd | openssh | 3.9 | |
| openbsd | openssh | 3.9.1 | |
| openbsd | openssh | 3.9.1p1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user\u0027s account to generate a list of additional targets that are more likely to have the same password or key."
}
],
"id": "CVE-2005-2666",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-23T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://nms.csail.mit.edu/projects/ssh/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19243"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25098"
},
{
"source": "cve@mitre.org",
"url": "http://www.eweek.com/article2/0%2C1759%2C1815795%2C00.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0257.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://nms.csail.mit.edu/projects/ssh/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eweek.com/article2/0%2C1759%2C1815795%2C00.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0257.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10201"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162681\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n",
"lastModified": "2006-09-20T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-26 19:15
Modified
2024-11-21 06:26
Severity ?
Summary
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| netapp | active_iq_unified_manager | - | |
| netapp | clustered_data_ontap | - | |
| netapp | hci_management_node | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | solidfire | - | |
| netapp | aff_a250_firmware | - | |
| netapp | aff_a250 | - | |
| netapp | aff_500f_firmware | - | |
| netapp | aff_500f | - | |
| oracle | http_server | 12.2.1.2.0 | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | zfs_storage_appliance_kit | 8.8 | |
| starwindsoftware | starwind_virtual_san | v8r13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F20A48B-F6C5-4296-82AE-DA00D6A20BCE",
"versionEndExcluding": "8.8",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5DE972-F8B8-4964-943A-DA0BD18289D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B1F59C-6ADA-4930-834F-2A8A8444F6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "578BB9A7-BF28-4068-A9A6-1DE19CEEC293",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB58180-E5E0-4056-ABF9-A99E9F6A9E86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38A45A86-3B7E-4245-B717-2A6E868BE6BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:*",
"matchCriteriaId": "DE49F316-C502-4D7A-AA70-D7745AEDAA93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user."
},
{
"lang": "es",
"value": "sshd en OpenSSH versiones 6.2 hasta 8.x anteriores a 8.8, cuando son usadas determinadas configuraciones no predeterminadas, permite una escalada de privilegios porque los grupos complementarios no son inicializados como se espera. Los programas de ayuda para AuthorizedKeysCommand y AuthorizedPrincipalsCommand pueden ejecutarse con privilegios asociados a la pertenencia a grupos del proceso sshd, si la configuraci\u00f3n especifica la ejecuci\u00f3n del comando como un usuario diferente"
}
],
"id": "CVE-2021-41617",
"lastModified": "2024-11-21T06:26:32.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-26T19:15:07.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190975"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0004/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssh.com/security.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.openssh.com/txt/release-8.8"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/09/26/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.starwindsoftware.com/security/sw-20220805-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://www.tenable.com/plugins/nessus/154174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssh.com/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.openssh.com/txt/release-8.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/09/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.starwindsoftware.com/security/sw-20220805-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/plugins/nessus/154174"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges."
},
{
"lang": "es",
"value": "La funci\u00f3n de conversaci\u00f3n PAM en OpenSSH 3.7.1 y 3.7.1p1 interpreta un array de estructuras como un array de punteros, lo que permite a atacantes modificar la pila y posiblemente ganar privilegios."
}
],
"id": "CVE-2003-0787",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/209807"
},
{
"source": "cve@mitre.org",
"url": "http://www.openssh.com/txt/sshpam.adv"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/8677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/209807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openssh.com/txt/sshpam.adv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/8677"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-14 22:59
Modified
2025-04-12 10:46
Severity ?
Summary
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sophos:unified_threat_management_software:9.318:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA93870-577B-4D53-A61D-22E024F96B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*",
"matchCriteriaId": "9857D3A8-7942-4624-B3D6-9943D34030B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:110:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D7BF2E-1DEB-474A-8DEE-0A2D1A9B1A77",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:120:*:*:*:*:*:*:*",
"matchCriteriaId": "CE59783E-6A2D-4777-9BA2-8527DA6B32BA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:220:*:*:*:*:*:*:*",
"matchCriteriaId": "646FEB9F-2F54-4946-9687-C2EC28144C97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:320:*:*:*:*:*:*:*",
"matchCriteriaId": "57654458-F143-4D70-9D52-0A242F3177A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:425:*:*:*:*:*:*:*",
"matchCriteriaId": "A6527EC0-536E-4BF0-9949-8FA4A4E64688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:525:*:*:*:*:*:*:*",
"matchCriteriaId": "21A9EA52-E9F1-4267-86BC-570ED1ECC7B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:625:*:*:*:*:*:*:*",
"matchCriteriaId": "280976E2-D7A8-43B7-A57C-66920BC91DAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52D13E08-7B08-44AA-9017-3EE3F6301E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "727CC471-6473-4C8D-8D1A-D8B3C6AB21CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBC7FF1-01EE-40A1-8735-14360A371803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "4CEDBF5F-23BD-4A60-926A-B822D5E3BFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "987527F8-8A42-4729-A329-4D2AC8AFD6E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "CAF922B2-2FE6-4401-A4F1-914C637F5450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93910448-8D6F-4F7E-9C7F-959754ABA50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "4ECE74F4-8E7B-42FA-A2DD-2EE0681DA4B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "AA9D704A-D1E7-4989-9136-1EAD72EF6BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*",
"matchCriteriaId": "78735121-6BA0-4158-B3D5-E4BACCA5E95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*",
"matchCriteriaId": "270BABBA-70A8-4FC7-962D-0D0D40F4497F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "A710EC9F-1352-4DF0-B1CF-9C51ACB078CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4F797B-8E2C-41AC-AA29-D6B50A539B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "7F482203-0CF1-403C-A25C-9B0DA24F6282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1E74684E-71D3-4458-A8BA-5248982273F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "9F3D478C-221F-4A07-8520-CD8856A75DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B018B05B-1311-4E0F-A9D0-620C1BF904A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "728372F8-6561-473D-B54D-1DB41DA1CF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "11BDA49F-C3E7-4D32-8105-E75525BFB2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "CE153B9F-721D-42ED-A662-C2597B7BF073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "254243DD-2E3E-48ED-A92C-8F4FD405DA57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "BCF734D8-1F01-498C-A917-5B528BFD9CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8ABE51-1535-44D9-B2A1-CC91021A29D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*",
"matchCriteriaId": "492F661C-45E4-4B9B-AD26-1873D91DBEA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "546EB570-C2AC-473B-BED8-C47167D2593A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*",
"matchCriteriaId": "CA2C8269-9C66-4E41-A56C-ACC709DC2053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64382F2C-15AC-41FE-A936-CEB44C1AFB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "20B099B9-3D7E-47A4-94A5-B89759189D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "65A8629A-CFAE-4403-BEE7-622912483702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "50836FA3-8116-4D58-B73E-B4830FB3A551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D0607649-62FE-41CB-9444-53CD9C5B67C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "3397D8DC-3410-401F-8854-BFCC35AD6686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0FB8D5-75CB-4691-AB9F-B4FA46973421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "42DCED2D-76C5-49D1-A72D-E578CF686F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67E1B240-BD86-41D3-BAC1-96005CB31DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "4BFC8587-FB9E-4FE2-B725-81CE3CE590F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:remote_device_access_virtual_customer_access_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E172D760-1D72-4712-8A80-E9FB5B076E7F",
"versionEndIncluding": "15.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82",
"versionEndIncluding": "10.11.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key."
},
{
"lang": "es",
"value": "La funci\u00f3n resend_bytes en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2 permite a servidores remotos obtener informaci\u00f3n sensible desde la memoria de proceso mediante la petici\u00f3n de transmisi\u00f3n de un buffer completo, seg\u00fan lo demostrado mediante la lectura de una clave privada."
}
],
"id": "CVE-2016-0777",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-14T22:59:01.140",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/80695"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/80695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT206167"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-06-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d."
}
],
"id": "CVE-2001-1459",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-06-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=99324968918628\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/797027"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2917"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=99324968918628\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/797027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6757"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | 3.0 | |
| openbsd | openssh | 3.0.1 | |
| openbsd | openssh | 3.0.1p1 | |
| openbsd | openssh | 3.0.2 | |
| openbsd | openssh | 3.0.2p1 | |
| openbsd | openssh | 3.0p1 | |
| openbsd | openssh | 3.1 | |
| openbsd | openssh | 3.1p1 | |
| openbsd | openssh | 3.2 | |
| openbsd | openssh | 3.2.2p1 | |
| openbsd | openssh | 3.2.3p1 | |
| openbsd | openssh | 3.3 | |
| openbsd | openssh | 3.3p1 | |
| openbsd | openssh | 3.4 | |
| openbsd | openssh | 3.4p1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en scp de OpenSSH anteriores a 3.4p1 permite a servidores remotos maliciosos sobreescribir ficheros de su eleccion."
}
],
"id": "CVE-2004-0175",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000831"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17135"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19243"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-212.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.juniper.net/support/security/alerts/adv59739.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:100"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:191"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2004_09_kernel.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9550"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-074.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-106.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-165.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-481.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-495.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-562.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-567.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9986"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16323"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-212.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.juniper.net/support/security/alerts/adv59739.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2004_09_kernel.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-074.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-165.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-481.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-495.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-562.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-21 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| redhat | linux | 7.0 | |
| redhat | linux | 7.1 | |
| redhat | linux | 7.2 | |
| suse | suse_linux | 6.4 | |
| suse | suse_linux | 7.0 | |
| suse | suse_linux | 7.1 | |
| suse | suse_linux | 7.2 | |
| suse | suse_linux | 7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD465DC-BAA4-4582-A5A1-824DF20E339C",
"versionEndIncluding": "3.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7786607A-362E-4817-A17E-C76D6A1F737D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E7D75A-333E-4C63-9593-F64ABA5D1CE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "819868A7-EB1E-4CA9-8D71-72F194E5EFEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0519FF7D-363E-4530-9E63-6EA3E88432DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE3FF4F-646F-4E05-A08A-C9399DEF60F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges."
},
{
"lang": "es",
"value": "OpenSSH 3.0.1 y anteriores con UseLogin activado no limpia variables de entorno cr\u00edticas como LD_PRELOAD, lo que permite a usuario locales ganar privilegios de root."
}
],
"id": "CVE-2001-0872",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-21T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000446"
},
{
"source": "cve@mitre.org",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100749779131514\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=100747128105913\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/m-026.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2001/dsa-091"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/157447"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/688"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-161.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3614"
},
{
"source": "cve@mitre.org",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100749779131514\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=100747128105913\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/m-026.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2001/dsa-091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/157447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-161.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7647"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-18 05:18
Modified
2025-04-12 10:46
Severity ?
Summary
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0473C6C9-B0C5-43F0-AC8C-C0DAD30DACF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87697D9A-08E0-462D-ABAC-71A48036CE69",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character."
},
{
"lang": "es",
"value": "sshd en OpenSSH anterior a 6.6 no soporta debidamente comodines en l\u00edneas AcceptEnv en sshd_config, lo que permite a atacantes remotos evadir restricciones de entorno mediante el uso de una subcadena localizada antes de un caracter de comod\u00edn."
}
],
"id": "CVE-2014-2532",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2014-03-18T05:18:19.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2014-0143.html"
},
{
"source": "cve@mitre.org",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=139492048027313\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/57488"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/57574"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59313"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59855"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2894"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66355"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1029925"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2155-1"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91986"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT205267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0143.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=139492048027313\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2155-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT205267"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-01 16:15
Modified
2024-11-21 04:59
Severity ?
Summary
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5093B8-4D79-4892-A614-5F6D4009BD72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client\u0027s download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that \"this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol\" and \"utimes does not fail under normal circumstances."
},
{
"lang": "es",
"value": "** EN DISPUTA** El cliente scp en OpenSSH versi\u00f3n 8.2 env\u00eda incorrectamente respuestas duplicadas al servidor tras un fallo en la llamada de sistema utimes, lo que permite a un usuario malicioso sin privilegios en el servidor remoto sobrescribir archivos arbitrarios en el directorio de descarga del cliente mediante la creaci\u00f3n de un subdirectorio dise\u00f1ado en cualquier lugar del servidor remoto. La v\u00edctima debe usar el comando scp -rp para descargar una jerarqu\u00eda de archivos que contenga, en cualquier lugar de su interior, este subdirectorio creado. NOTA: el vendedor se\u00f1ala que \"este ataque no puede lograr m\u00e1s de lo que un peer hostil ya se puede lograr dentro del protocolo scp\" y \"utimes no presenta un fallo bajo circunstancias normales\"."
}
],
"id": "CVE-2020-12062",
"lastModified": "2024-11-21T04:59:12.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-01T16:15:14.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.openssh.com/txt/release-8.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/27/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.openssh.com/txt/release-8.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/27/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-13 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*",
"matchCriteriaId": "4AFA4267-E15B-4826-9B98-63F68AB1627F",
"versionEndIncluding": "7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided."
},
{
"lang": "es",
"value": "sshd en OpenSSH en versiones anteriores a 7.3, cuando SHA256 o SHA512 son utilizados para el hashing de la contrase\u00f1a del usuario, utiliza BLOWFISH hashing en una contrase\u00f1a est\u00e1tica cuando no existe el nombre de usuario, lo que permite a atacantes remotos enumerar usuarios aprovechando la diferencia de tiempo entre respuestas cuando se proporciona una contrase\u00f1a grande."
}
],
"id": "CVE-2016-6210",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T17:59:00.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Jul/51"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3626"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91812"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036319"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2563"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20190206-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/40113/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/40136/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.openssh.com/txt/release-7.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Jul/51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20190206-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40113/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40136/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.openssh.com/txt/release-7.3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability."
}
],
"id": "CVE-2004-2760",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.html"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4100"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/360198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/360198"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.",
"lastModified": "2008-08-11T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | 1.2 | |
| openbsd | openssh | 1.2.1 | |
| openbsd | openssh | 1.2.2 | |
| openbsd | openssh | 1.2.3 | |
| openbsd | openssh | 1.2.27 | |
| openbsd | openssh | 1.3 | |
| openbsd | openssh | 1.5 | |
| openbsd | openssh | 1.5.7 | |
| openbsd | openssh | 1.5.8 | |
| openbsd | openssh | 2 | |
| openbsd | openssh | 2.1 | |
| openbsd | openssh | 2.1.1 | |
| openbsd | openssh | 2.2 | |
| openbsd | openssh | 2.3 | |
| openbsd | openssh | 2.3.1 | |
| openbsd | openssh | 2.5 | |
| openbsd | openssh | 2.5.1 | |
| openbsd | openssh | 2.5.2 | |
| openbsd | openssh | 2.9 | |
| openbsd | openssh | 2.9.9 | |
| openbsd | openssh | 2.9.9p2 | |
| openbsd | openssh | 2.9p1 | |
| openbsd | openssh | 2.9p2 | |
| openbsd | openssh | 3.0 | |
| openbsd | openssh | 3.0.1 | |
| openbsd | openssh | 3.0.1p1 | |
| openbsd | openssh | 3.0.2 | |
| openbsd | openssh | 3.0.2p1 | |
| openbsd | openssh | 3.0p1 | |
| openbsd | openssh | 3.1 | |
| openbsd | openssh | 3.1p1 | |
| openbsd | openssh | 3.2 | |
| openbsd | openssh | 3.2.2 | |
| openbsd | openssh | 3.2.2p1 | |
| openbsd | openssh | 3.2.3p1 | |
| openbsd | openssh | 3.3 | |
| openbsd | openssh | 3.3p1 | |
| openbsd | openssh | 3.4 | |
| openbsd | openssh | 3.4p1 | |
| openbsd | openssh | 3.5 | |
| openbsd | openssh | 3.5p1 | |
| openbsd | openssh | 3.6 | |
| openbsd | openssh | 3.6.1 | |
| openbsd | openssh | 3.6.1p1 | |
| openbsd | openssh | 3.6.1p2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE60A415-91E3-4819-A252-E86A32EC3018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEF5203-9D6B-4431-BF0D-C81B1E250AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190."
}
],
"id": "CVE-2003-1562",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/320153"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/320302"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/320440"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/7482"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/320153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/320302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/320440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/7482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which is in maintenance mode.",
"lastModified": "2008-08-11T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged."
}
],
"id": "CVE-2001-1507",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0111/114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.iss.net/security_center/static/7598.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openbsd.org/errata30.html#sshd"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0111/114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.iss.net/security_center/static/7598.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openbsd.org/errata30.html#sshd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3560"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n",
"lastModified": "2006-08-30T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-09-22 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1779D8-B799-4E1A-9783-9536CF009013",
"versionEndIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A \"buffer management error\" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695."
},
{
"lang": "es",
"value": "Un \"error de gesti\u00f3n de b\u00fafer\" en buffer_append_space de buffer.c de OpenSSH anteriores a 3.7 puede permitir a atacantes remotos ejecutar c\u00f3digo arbitrario causando que una cantidad incorrecta de memoria sea liberada, y corrompiendo el mont\u00f3n."
}
],
"id": "CVE-2003-0693",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-09-22T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106373247528528\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106374466212309\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106381396120332\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-24.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/333628"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"source": "cve@mitre.org",
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13191"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106373247528528\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106374466212309\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106381396120332\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-24.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/333628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable.\n\nThis flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.\n\nThis flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.\n\nThis flaw does not affect any subsequent versions of Red Hat Enterprise Linux.",
"lastModified": "2007-06-01T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-22 16:41
Modified
2025-04-09 00:30
Severity ?
Summary
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2583374-A7B3-40B8-96DA-788DBD310EAC",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEF5203-9D6B-4431-BF0D-C81B1E250AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7154C4-8325-4495-92B1-B7897CD7303E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99BF4471-763B-485A-ABD5-C68AD0A14058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7212E982-76F2-496C-9F08-EC4137F20804",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform."
},
{
"lang": "es",
"value": "OpenSSH anterior a 5.1 activa la opci\u00f3n del socket SO_REUSEADDR cuando la configuraci\u00f3n X11UseLocalhost est\u00e1 desactivada, lo que permite a usuarios locales en determinadas plataformas, secuestrar el puerto de reenv\u00edo X11 a trav\u00e9s de una \u00fanica direcci\u00f3n IP como se ha demostrado sobre la plataforma HP-UX."
}
],
"id": "CVE-2008-3259",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-22T16:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openssh.com/security.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31179"
},
{
"source": "cve@mitre.org",
"url": "http://www.openssh.com/txt/release-5.1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30339"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020537"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2148"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openssh.com/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openssh.com/txt/release-5.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43940"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
"lastModified": "2008-07-23T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-24 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27C9A807-7740-4D75-9B01-91ED53D14C40",
"versionEndIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n de la memoria en la funci\u00f3n mm_answer_pam_free_ctx en monitor.c en sshd en OpenSSH en versiones anteriores a 7.0 en plataformas no OpenBSD, podr\u00eda permitir a usuarios locales obtener privilegios mediante el aprovechamiento del control del sshd uid para enviar una petici\u00f3n MONITOR_REQ_PAM_FREE_CTX inesperadamente temprana."
}
],
"id": "CVE-2015-6564",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-24T01:59:01.657",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Aug/54"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/release-7.0"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/08/22/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/76317"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10136"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"source": "cve@mitre.org",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Aug/54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/release-7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/08/22/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Severity ?
Summary
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC",
"versionEndIncluding": "7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D93F5251-820D-4345-8DDE-CCBBE069A9C1",
"versionEndIncluding": "5.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:mina_sshd:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6C1E77-7C54-4825-A35C-5AE7369267F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "986856F8-40BE-412F-A4F0-902D4820C3E3",
"versionEndExcluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271CACEB-10F5-4CA8-9C99-3274F18EE62D",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "433EEE1B-134C-48F9-8688-23C5F1ABBF0F",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47FFEE5C-5DAE-4FAD-9651-7983DE092120",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66D6EF49-7094-41D9-BDF5-AE5846E37418",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6593DA00-EE33-4223-BEAE-8DC629E79287",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67E048EC-4A4F-4F0A-B0B5-F234700293DA",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "483F5457-7E06-46F3-A808-194289B98AFF",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5644E3E-941A-429A-9AFB-C1023659C1C2",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1318DD-6AF4-490D-A4AE-079BA544EF8F",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5",
"versionEndExcluding": "3.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229",
"versionEndExcluding": "3.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en OpenSSH 7.9. Debido a que la implementaci\u00f3n de SCP deriva del rcp 1983, el servidor elige qu\u00e9 archivos/directorios se est\u00e1n enviando al cliente. Sin embargo, el cliente scp solo realiza la validaci\u00f3n superficial del nombre de objeto devuelto (solo se evitan los ataques de salto de directorio). Un servidor scp malicioso (o atacante Man-in-the-Middle) puede sobrescribir archivos arbitrarios en el directorio objetivo del cliente scp. Si se realiza la operaci\u00f3n recursiva (-r), el servidor tambi\u00e9n puede manipular subdirectorios (por ejemplo, para sobrescribir el archivo .ssh/authorized_keys)"
}
],
"id": "CVE-2019-6111",
"lastModified": "2024-11-21T04:45:57.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-31T18:29:00.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106741"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3885-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46193/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3885-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46193/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-18 19:15
Modified
2024-11-21 08:37
Severity ?
Summary
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D91DE00B-AE34-46AC-A5B3-C40A4C1F4C17",
"versionEndExcluding": "9.6",
"versionStartIncluding": "8.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys."
},
{
"lang": "es",
"value": "En ssh-agent en OpenSSH anterior a 9.6, ciertas restricciones de destino se pueden aplicar de forma incompleta. Cuando se especifican restricciones de destino durante la adici\u00f3n de claves privadas alojadas en PKCS#11, estas restricciones solo se aplican a la primera clave, incluso si un token PKCS#11 devuelve varias claves."
}
],
"id": "CVE-2023-51384",
"lastModified": "2024-11-21T08:37:59.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-18T19:15:08.720",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-12 01:17
Modified
2025-04-09 00:30
Severity ?
Summary
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A410C8F9-717C-4657-91DD-BAEAB53ECC16",
"versionEndIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted."
},
{
"lang": "es",
"value": "ssh en OpenSSH anterior a 4.7 no maneja adecuadamente cuando una cookie no confiable no puede ser creada y utiliza una cookie X11 confiable en su lugar, lo cual permite a los atacantes violar pol\u00edticas establecidas y obtener privilegios provocando que un cliente X sea tratado como confiable."
}
],
"id": "CVE-2007-4752",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-12T01:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=191321"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085"
},
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27399"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30249"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31575"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32241"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-02.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3126"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:236"
},
{
"source": "cve@mitre.org",
"url": "http://www.openssh.com/txt/release-4.7"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0855.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/479760/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483748/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25628"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-566-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3156"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2821"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=280471"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36637"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://issues.rpath.com/browse/RPL-1706"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=191321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openssh.com/txt/release-4.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0855.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/479760/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483748/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-566-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=280471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://issues.rpath.com/browse/RPL-1706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue did not affect the OpenSSH packages as distributed with Red Hat Enterprise Linux 2.1 or 3, as they do not support Trusted X11 forwarding.\n\nFor Red Hat Enterprise Linux 4 and 5, this issue was addressed via: https://rhn.redhat.com/errata/RHSA-2008-0855.html\n",
"lastModified": "2008-08-28T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-28 08:29
Modified
2024-11-21 03:51
Severity ?
Summary
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/oss-sec/2018/q3/180 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/105163 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20181221-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2018/q3/180 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105163 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20181221-0001/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| netapp | cloud_backup | - | |
| netapp | data_ontap_edge | - | |
| netapp | ontap_select_deploy | - | |
| netapp | steelstore | - | |
| netapp | cn1610_firmware | - | |
| netapp | cn1610 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5FCBB28-0F8D-4779-9E70-42168F6E8205",
"versionEndIncluding": "7.8",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF5449D-22D2-48B4-8F50-57B43DCB15B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states \u0027We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.\u0027"
},
{
"lang": "es",
"value": "Un comportamiento observable de forma remota en auth-gss2.c en OpenSSH hasta la versi\u00f3n 7.8 podr\u00eda ser empleado por atacantes remotos para detectar la existencia de usuarios en un sistema objetivo cuando se est\u00e1 empleando GSS2. NOTA: el descubridor indica que \"entendemos que los desarrolladores de OpenSSH no quieran tratar tal listado de nombres de usuario (u \"or\u00e1culo\") como una vulnerabilidad\"."
}
],
"id": "CVE-2018-15919",
"lastModified": "2024-11-21T03:51:43.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-28T08:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2018/q3/180"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105163"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181221-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2018/q3/180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20181221-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-02 18:44
Modified
2025-04-09 00:30
Severity ?
Summary
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7154C4-8325-4495-92B1-B7897CD7303E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99BF4471-763B-485A-ABD5-C68AD0A14058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file."
},
{
"lang": "es",
"value": "OpenSSH versi\u00f3n 4.4 anterior a 4.9, permite a los usuarios autenticados remotos omitir la directiva ForceCommand de sshd_config mediante la modificaci\u00f3n del archivo de sesi\u00f3n .ssh/rc."
}
],
"id": "CVE-2008-1657",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-02T18:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29602"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29609"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29683"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29693"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29735"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29939"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30361"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31531"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31882"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32080"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32110"
},
{
"source": "cve@mitre.org",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openbsd.org/errata43.html#001_openssh"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/release-4.9"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28531"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019733"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1035/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-2419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openbsd.org/errata43.html#001_openssh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/release-4.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1035/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
"lastModified": "2008-04-03T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-27 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED8E69C2-4499-4ABD-A51C-26933966E52A",
"versionEndIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8ABE51-1535-44D9-B2A1-CC91021A29D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate."
},
{
"lang": "es",
"value": "La funci\u00f3n verify_host_key en sshconnect.c en el cliente en OpenSSH 6.6 y anteriores permite a servidores remotos provocar la evasi\u00f3n de la comprobaci\u00f3n SSHFP DNS RR mediante la presentaci\u00f3n de HostCertificate no aceptable."
}
],
"id": "CVE-2014-2653",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-27T10:55:04.513",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2014-0166.html"
},
{
"source": "cve@mitre.org",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/03/26/7"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59855"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2894"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66459"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2164-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0166.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/03/26/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2164-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-21 22:29
Modified
2024-11-21 02:44
Severity ?
Summary
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| netapp | cloud_backup | - | |
| netapp | data_ontap | - | |
| netapp | data_ontap_edge | - | |
| netapp | oncommand_unified_manager | * | |
| netapp | service_processor | - | |
| netapp | storagegrid | - | |
| netapp | storagegrid_webscale | - | |
| netapp | clustered_data_ontap | - | |
| netapp | vasa_provider | - | |
| netapp | clustered_data_ontap | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "454A9C9D-EAEB-47E1-83C6-81FBC8241428",
"versionEndExcluding": "7.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*",
"matchCriteriaId": "B85E9B9B-ADDB-4D2F-A857-685BD30CE856",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "7E49ACFC-FD48-4ED7-86E8-68B5B753852C",
"versionStartIncluding": "9.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*",
"matchCriteriaId": "813CD8F9-9F05-49A7-BB4D-E9A1D54D6DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:vasa_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "248F2C72-83DF-487E-9C21-C0AC7878E2E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c."
},
{
"lang": "es",
"value": "sshd en OpenSSH, en versiones anteriores a la 7.4, permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL y cierre inesperado del demonio) mediante un mensaje NEWKEYS fuera de secuencia, tal y como demuestra Honggfuzz, relacionado con kex.c y packet.c."
}
],
"id": "CVE-2016-10708",
"lastModified": "2024-11-21T02:44:33.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-21T22:29:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102780"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180423-0003/"
},
{
"source": "cve@mitre.org",
"url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3809-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.openssh.com/releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180423-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3809-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.openssh.com/releasenotes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-02 20:00
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7FD807-BC4A-4F8F-B9F0-49BCF2E687C7",
"versionEndIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEF5203-9D6B-4431-BF0D-C81B1E250AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7154C4-8325-4495-92B1-B7897CD7303E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99BF4471-763B-485A-ABD5-C68AD0A14058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B042083-6D26-4A91-B3F6-E6D46266FF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7212E982-76F2-496C-9F08-EC4137F20804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52D13E08-7B08-44AA-9017-3EE3F6301E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBC7FF1-01EE-40A1-8735-14360A371803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "987527F8-8A42-4729-A329-4D2AC8AFD6E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93910448-8D6F-4F7E-9C7F-959754ABA50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F25FB59-1E4F-4420-8482-8007FF5E2411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9899C87E-2C09-46AE-BC24-1ACF012784CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84241D91-1490-485B-AA07-8335CE458275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB022BE-98C4-4636-868E-FBE4B00554A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632."
},
{
"lang": "es",
"value": "La (1) funci\u00f3n remote_glob en sftp-glob.c y (2) la funci\u00f3n process_put en sftp.c en OpenSSH v5.8 y versiones anteriores, como se usa en FreeBSD v7.3 y v8.1, NetBSD v5.0.2, OpenBSD v4.7 y otros productos, permiten a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (por excesivo uso de CPU y consumo de memoria) a trav\u00e9s de expresiones glob debidamente modificadas que no coinciden con ning\u00fan nombre de ruta, como lo demuestran las expresiones glob en las solicitudes SSH_FXP_STAT a un demonio de sftp. Se trata de una vulnerabilidad diferente a CVE-2010-2632."
}
],
"id": "CVE-2010-4755",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-02T20:00:00.990",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://cxib.net/stuff/glob-0day.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/achievement_securityalert/89"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/exploitalert/9223"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://cxib.net/stuff/glob-0day.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/achievement_securityalert/89"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/exploitalert/9223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8116"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-14 22:59
Modified
2025-04-12 10:46
Severity ?
Summary
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | linux | 7 | |
| oracle | solaris | 11.3 | |
| openbsd | openssh | 5.4 | |
| openbsd | openssh | 5.4 | |
| openbsd | openssh | 5.5 | |
| openbsd | openssh | 5.5 | |
| openbsd | openssh | 5.6 | |
| openbsd | openssh | 5.6 | |
| openbsd | openssh | 5.7 | |
| openbsd | openssh | 5.7 | |
| openbsd | openssh | 5.8 | |
| openbsd | openssh | 5.8 | |
| openbsd | openssh | 5.9 | |
| openbsd | openssh | 5.9 | |
| openbsd | openssh | 6.0 | |
| openbsd | openssh | 6.0 | |
| openbsd | openssh | 6.1 | |
| openbsd | openssh | 6.1 | |
| openbsd | openssh | 6.2 | |
| openbsd | openssh | 6.2 | |
| openbsd | openssh | 6.2 | |
| openbsd | openssh | 6.3 | |
| openbsd | openssh | 6.3 | |
| openbsd | openssh | 6.4 | |
| openbsd | openssh | 6.4 | |
| openbsd | openssh | 6.5 | |
| openbsd | openssh | 6.5 | |
| openbsd | openssh | 6.6 | |
| openbsd | openssh | 6.6 | |
| openbsd | openssh | 6.7 | |
| openbsd | openssh | 6.7 | |
| openbsd | openssh | 6.8 | |
| openbsd | openssh | 6.8 | |
| openbsd | openssh | 6.9 | |
| openbsd | openssh | 6.9 | |
| openbsd | openssh | 7.0 | |
| openbsd | openssh | 7.0 | |
| openbsd | openssh | 7.1 | |
| openbsd | openssh | 7.1 | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| hp | virtual_customer_access_system | * | |
| sophos | unified_threat_management_software | 9.353 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "AA9D704A-D1E7-4989-9136-1EAD72EF6BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*",
"matchCriteriaId": "78735121-6BA0-4158-B3D5-E4BACCA5E95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*",
"matchCriteriaId": "270BABBA-70A8-4FC7-962D-0D0D40F4497F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "A710EC9F-1352-4DF0-B1CF-9C51ACB078CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4F797B-8E2C-41AC-AA29-D6B50A539B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "7F482203-0CF1-403C-A25C-9B0DA24F6282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1E74684E-71D3-4458-A8BA-5248982273F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "9F3D478C-221F-4A07-8520-CD8856A75DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "B018B05B-1311-4E0F-A9D0-620C1BF904A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "728372F8-6561-473D-B54D-1DB41DA1CF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "11BDA49F-C3E7-4D32-8105-E75525BFB2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "CE153B9F-721D-42ED-A662-C2597B7BF073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "254243DD-2E3E-48ED-A92C-8F4FD405DA57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "BCF734D8-1F01-498C-A917-5B528BFD9CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8ABE51-1535-44D9-B2A1-CC91021A29D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*",
"matchCriteriaId": "492F661C-45E4-4B9B-AD26-1873D91DBEA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "546EB570-C2AC-473B-BED8-C47167D2593A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*",
"matchCriteriaId": "CA2C8269-9C66-4E41-A56C-ACC709DC2053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64382F2C-15AC-41FE-A936-CEB44C1AFB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "20B099B9-3D7E-47A4-94A5-B89759189D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "65A8629A-CFAE-4403-BEE7-622912483702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "50836FA3-8116-4D58-B73E-B4830FB3A551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D0607649-62FE-41CB-9444-53CD9C5B67C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "3397D8DC-3410-401F-8854-BFCC35AD6686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0FB8D5-75CB-4691-AB9F-B4FA46973421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "42DCED2D-76C5-49D1-A72D-E578CF686F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67E1B240-BD86-41D3-BAC1-96005CB31DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "4BFC8587-FB9E-4FE2-B725-81CE3CE590F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5FFEDD-1D4A-42A1-964A-88696925859A",
"versionEndIncluding": "10.9.5",
"versionStartIncluding": "10.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4E9ED2-42E1-47F3-AFB4-C92A4E4FB554",
"versionEndIncluding": "10.10.5",
"versionStartIncluding": "10.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2461051C-EB76-4022-8BBC-B3D26635240B",
"versionEndIncluding": "10.11.3",
"versionStartIncluding": "10.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58F4BE0A-DBE6-45F7-9FA6-6A0BE2566631",
"versionEndIncluding": "15.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*",
"matchCriteriaId": "9857D3A8-7942-4624-B3D6-9943D34030B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings."
},
{
"lang": "es",
"value": "Las funciones (1) roaming_read y (2) roaming_write en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2, cuando ciertas opciones proxy y forward se encuentran habilitadas, no mantiene adecuadamente los descriptores de archivo de conexi\u00f3n, lo que permite a servidores remotos causar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en memoria din\u00e1mica) o posiblemente tener otro impacto no especificado mediante la petici\u00f3n de varios reenv\u00edos."
}
],
"id": "CVE-2016-0778",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-14T22:59:02.280",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/80698"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"source": "secalert@redhat.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/80698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206167"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-18 19:15
Modified
2024-11-21 08:37
Severity ?
Summary
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5308FBBB-F738-41C5-97A4-E40118E957CD",
"versionEndExcluding": "9.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name."
},
{
"lang": "es",
"value": "En ssh en OpenSSH anterior a 9.6, la inyecci\u00f3n de comandos del sistema operativo puede ocurrir si un nombre de usuario o nombre de host tiene metacaracteres de shell, y un token de expansi\u00f3n hace referencia a este nombre en ciertas situaciones. Por ejemplo, un repositorio Git que no es de confianza puede tener un subm\u00f3dulo con metacaracteres de shell en un nombre de usuario o nombre de host."
}
],
"id": "CVE-2023-51385",
"lastModified": "2024-11-21T08:37:59.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-18T19:15:08.773",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/26/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/kb/HT214084"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/26/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT214084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-18 19:15
Modified
2025-05-13 09:15
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| openbsd | openssh | 6.8 | |
| openbsd | openssh | 9.9 | |
| openbsd | openssh | 9.9 | |
| netapp | active_iq_unified_manager | - | |
| netapp | ontap | 9 | |
| redhat | openshift_container_platform | 4.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9E4318-20E3-420F-8EF5-7C05C3386586",
"versionEndIncluding": "9.8",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "50836FA3-8116-4D58-B73E-B4830FB3A551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:*",
"matchCriteriaId": "E2B53BBB-6916-478C-A896-77C7F7E7D5DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "F7A2B794-BA83-4A01-BD2E-541F18CB9E37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*",
"matchCriteriaId": "A20333EE-4C13-426E-8B54-D78679D5DDB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en OpenSSH cuando la opci\u00f3n VerifyHostKeyDNS est\u00e1 habilitada. Un ataque de m\u00e1quina en el medio puede ser realizado mediante una m\u00e1quina maliciosa que se hace pasar por un servidor leg\u00edtimo. Este problema ocurre debido a c\u00f3mo los c\u00f3digos de error de OpenSSH Mishandles en condiciones espec\u00edficas al verificar la clave del host. Para que un ataque se considere exitoso, el atacante debe lograr agotar el recurso de memoria del cliente primero, lo que gira la complejidad del ataque."
}
],
"id": "CVE-2025-26465",
"lastModified": "2025-05-13T09:15:20.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-18T19:15:29.230",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:3837"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:6993"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26465"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1237040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2025-26465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20250228-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2025-26465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/releasenotes.html#9.9p2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2025/02/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2025/02/18/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/oss-sec/2025/q1/144"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-390"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-18 16:15
Modified
2025-05-23 02:24
Severity ?
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5308FBBB-F738-41C5-97A4-E40118E957CD",
"versionEndExcluding": "9.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D807DB-9E20-4792-8A9F-4BFFC841BAB7",
"versionEndExcluding": "0.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42915485-A4DA-48DD-9C15-415D2D39DC52",
"versionEndExcluding": "3.66.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31FFE0AA-FC25-40DE-8EE9-7F4C80ABDE4F",
"versionEndExcluding": "5.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2FCF7EF-97D7-44CF-AC74-72D856901755",
"versionEndExcluding": "11.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53CAD263-1C60-43BD-86A2-C8DB15FFB4C6",
"versionEndExcluding": "14.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA57F20-C9C1-40A7-B2CD-F3440CCF1D66",
"versionEndExcluding": "6.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6209E375-10C7-4E65-A2E7-455A686717AC",
"versionEndExcluding": "9.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A05CC3C-19C5-4BAA-ABA2-EE1795E0BE81",
"versionEndExcluding": "9.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A71B523-0778-46C6-A38B-64452E0BB6E7",
"versionEndIncluding": "3.66.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C91308-15E5-40AF-B4D5-3CAD7BC65DDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "418940E3-6DD1-4AA6-846A-03E059D0C681",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "411BA58A-33B6-44CA-B9D6-7F9042D46961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FA17A153-30E4-4731-8706-8F74FCA50993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB736F57-9BE3-4457-A10E-FA88D0932154",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB8D02D-87F3-414D-A3EA-43F594DAAC1B",
"versionEndExcluding": "9.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB481DA-FBFE-4CC2-9AE7-22025FA07494",
"versionEndExcluding": "0.10.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*",
"matchCriteriaId": "3D6FD459-F8E8-4126-8097-D30B4639404A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "69510F52-C699-4E7D-87EF-7000682888F0",
"versionEndIncluding": "1.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9461430B-3709-45B6-8858-2101F5AE4481",
"versionEndIncluding": "1.3.8b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9A01DF3-E20E-4F29-B5CF-DDF717D01E74",
"versionEndIncluding": "12.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D25EB73D-6145-4B7D-8F14-80FD0B458E99",
"versionEndExcluding": "0.35.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77594DEC-B5F7-4911-A13D-FFE91C74BAFA",
"versionEndIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FF7E74-2351-4CD9-B717-FA28893293A1",
"versionEndExcluding": "2.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82A93C12-FEB6-4E82-B283-0ED7820D807E",
"versionEndIncluding": "10.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B480AE79-2FA1-4281-9F0D-0DE812B9354D",
"versionEndExcluding": "build__0144",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*",
"matchCriteriaId": "826B6323-06F8-4B96-8771-3FA15A727B08",
"versionEndExcluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E315FC5C-FF19-43C9-A58A-CF2A5FF13824",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7EAD12-E398-44AF-9859-F3CA6C63BA6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77675CB7-67D7-44E9-B7FF-D224B3341AA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AAA300-691A-4957-8B69-F6888CC971B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45937289-2D64-47CB-A750-5B4F0D4664A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97321212-0E07-4CC2-A917-7B5F61AB9A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2C021C-A9F0-4EB4-ADED-81D8B57B4563",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF8EFFB-5686-4F28-A68F-1A8854E098CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C877879-B84B-471C-80CF-0656521CA8AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "379A5883-F6DF-41F5-9403-8D17F6605737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B1D946-5978-4818-BF21-A43D9C1365E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5A7736-A403-4617-8790-18E46CB74DA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0DE4E1-5D8D-40F3-8AC8-C7F736966158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88BF3B2C-B121-483A-AEF2-8082F6DA5310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FD736A-8730-446A-BA3A-7B608DB62B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C504B6-3902-46E2-82B7-48AEC9CDD48D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F92E56DF-98DF-4328-B37E-4D5744E4103D",
"versionEndExcluding": "0.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "AC12508E-3C31-44EA-B4F3-29316BE9B189",
"versionEndExcluding": "0.40.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1750028C-698D-4E84-B727-8A155A46ADEB",
"versionEndExcluding": "2.5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B38C0997-A8CC-473C-98CF-641FD21EB411",
"versionEndExcluding": "22.3.4.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5887F3E2-9214-4FAE-8768-441D770E27C0",
"versionEndExcluding": "23.3.4.20",
"versionStartIncluding": "23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7CB988-94C4-45BE-AD9D-9C16899A71DF",
"versionEndExcluding": "24.3.4.15",
"versionStartIncluding": "24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB749F4B-99FC-4AE8-BDB3-85B081B52F82",
"versionEndExcluding": "25.3.2.8",
"versionStartIncluding": "25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2380909A-BA9B-4A76-82F2-D2D0EF242E57",
"versionEndExcluding": "26.2.1",
"versionStartIncluding": "26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61119DB3-4336-4D3B-863A-0CCF4146E5C1",
"versionEndExcluding": "0.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFDD272-3DF0-4E3F-B69A-E7ABF4B18B24",
"versionEndExcluding": "1.11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE46983-0ABC-49F7-AC18-A78FAC7E73AA",
"versionEndExcluding": "2.14.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06BF3368-F232-4E6B-883E-A591EED5C827",
"versionEndExcluding": "2022.83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36531FB6-5682-4BF1-9785-E9D6D1C4207B",
"versionEndExcluding": "3.1.0-snapshot",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A86A51EA-B501-42F8-91E6-4EA97DED767C",
"versionEndExcluding": "4.9.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70989970-E224-4D1C-941E-BBFB2AE7285C",
"versionEndExcluding": "4.11.1.7",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7819CE3-2849-4D15-874B-F6A68EF6D65F",
"versionEndExcluding": "4.13.2.4",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A4DD8B-06AD-4F13-8F7E-1E2AAF81C119",
"versionEndExcluding": "4.15.3.1",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D91ED5E1-1D75-4B63-B0A2-B2EB6D4AC685",
"versionEndExcluding": "5.1.1",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B1AF39-C0B9-4031-B19A-BDDD4F337273",
"versionEndExcluding": "3.4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B71B0EF-888E-45E2-A055-F59CDCC1AFC7",
"versionEndIncluding": "23.09.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F23CDF7-2881-4B4E-B84F-4E04F4ED8CCF",
"versionEndIncluding": "2.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1795F7A-203F-400E-B09C-0FAF16D01CFC",
"versionEndExcluding": "10.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D79DDDD-02F0-4C12-BE7F-1B9DF1722C7A",
"versionEndExcluding": "2.2.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D7B0CA-C01F-4296-9425-48299E3889C5",
"versionEndIncluding": "2.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3EB0B8-9E76-4146-AB02-02E20B91D55C",
"versionEndIncluding": "0.37.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0582468A-149B-429F-978A-2AEDF4BE2606",
"versionEndIncluding": "20230101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4BAF06-5A79-46D7-8C4F-E670BD6B7C2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98321BF9-5E8F-4836-842C-47713B1C2775",
"versionEndIncluding": "0.76.1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76BDAFDE-4515-42E6-820F-38AF4A786CF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5920923E-0D52-44E5-801D-10B82846ED58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099",
"versionEndExcluding": "14.4",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
},
{
"lang": "es",
"value": "El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociaci\u00f3n de extensi\u00f3n) y, en consecuencia, un cliente y un servidor pueden terminar con una conexi\u00f3n para la cual algunas caracter\u00edsticas de seguridad han sido degradadas o deshabilitadas, tambi\u00e9n conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de n\u00fameros de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisi\u00f3n se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto tambi\u00e9n afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podr\u00eda haber efectos en Bitvise SSH hasta la versi\u00f3n 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023."
}
],
"id": "CVE-2023-48795",
"lastModified": "2025-05-23T02:24:58.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-18T16:15:10.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Mitigation"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.gentoo.org/920280"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://crates.io/crates/thrussh/versions"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation"
],
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://nova.app/releases/#v11.8"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/openbsd.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Mitigation"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.paramiko.org/changelog.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.terrapin-attack.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.gentoo.org/920280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://crates.io/crates/thrussh/versions"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation"
],
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://nova.app/releases/#v11.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/openbsd.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.paramiko.org/changelog.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.terrapin-attack.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-07 02:02
Modified
2025-04-03 01:03
Severity ?
Summary
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A80E6A-6502-4A33-83BA-7DCC606D79AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.3:release:*:*:*:*:*:*",
"matchCriteriaId": "0D6428EB-5E1A-41CB-979C-4C9402251D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.3:releng:*:*:*:*:*:*",
"matchCriteriaId": "2DCA9879-C9F5-475A-8EC9-04D151001C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.3:stable:*:*:*:*:*:*",
"matchCriteriaId": "0A94132F-4C47-49CC-B03C-8756613E9A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.4:pre-release:*:*:*:*:*:*",
"matchCriteriaId": "46A60ED5-1D92-4B40-956F-D1801CAB9039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.4:release:*:*:*:*:*:*",
"matchCriteriaId": "3F629879-66F0-427B-86D8-D740E0E3F6E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.4:releng:*:*:*:*:*:*",
"matchCriteriaId": "C89129C5-A1DB-4018-B43A-C60C8E650080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.4:stable:*:*:*:*:*:*",
"matchCriteriaId": "60F7B4A9-4036-4061-8F3D-BDC3F1282EC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting."
}
],
"id": "CVE-2006-0883",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-07T02:02:00.000",
"references": [
{
"source": "secteam@freebsd.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc"
},
{
"source": "secteam@freebsd.org",
"url": "http://bugzilla.mindrot.org/show_bug.cgi?id=839"
},
{
"source": "secteam@freebsd.org",
"url": "http://securityreason.com/securityalert/520"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015706"
},
{
"source": "secteam@freebsd.org",
"url": "http://www.osvdb.org/23797"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16892"
},
{
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0805"
},
{
"source": "secteam@freebsd.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.mindrot.org/show_bug.cgi?id=839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25116"
}
],
"sourceIdentifier": "secteam@freebsd.org",
"vendorComments": [
{
"comment": "This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.",
"lastModified": "2006-08-30T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-29 18:15
Modified
2024-11-21 05:02
Severity ?
Summary
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| openbsd | openssh | 8.4 | |
| openbsd | openssh | 8.5 | |
| openbsd | openssh | 8.6 | |
| netapp | aff_a700s_firmware | - | |
| netapp | aff_a700s | - | |
| netapp | active_iq_unified_manager | * | |
| netapp | hci_management_node | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2452B84-EA8F-417B-90E9-9698BB2FC7AB",
"versionEndExcluding": "8.4",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:8.4:-:*:*:*:*:*:*",
"matchCriteriaId": "36402AC7-DE9D-4010-9C9D-2FB8B6E838A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:8.5:-:*:*:*:*:*:*",
"matchCriteriaId": "EB4C3D47-8B47-4F0A-89D4-87D9474A99B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:8.6:-:*:*:*:*:*:*",
"matchCriteriaId": "CB66ECE1-715A-4074-9355-E3512F7BCDBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected."
},
{
"lang": "es",
"value": "El lado del cliente en OpenSSH versiones 5.7 hasta 8.4, presenta una Discrepancia Observable que conlleva a una filtraci\u00f3n de informaci\u00f3n en la negociaci\u00f3n del algoritmo. Esto permite a atacantes de tipo man-in-the-middle apuntar a unos intentos iniciales de conexi\u00f3n (donde ninguna clave de host para el servidor ha sido almacenada en cach\u00e9 por parte del cliente) NOTA: algunos informes afirman que las versiones 8.5 y 8.6 tambi\u00e9n est\u00e1n afectadas."
}
],
"id": "CVE-2020-14145",
"lastModified": "2024-11-21T05:02:44.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-29T18:15:11.940",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/02/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://docs.ssh-mitm.at/CVE-2020-14145.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200709-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://docs.ssh-mitm.at/CVE-2020-14145.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200709-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-09-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D525F21-A36E-4A84-9FA9-B9EF23C27622",
"versionEndIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files."
}
],
"id": "CVE-2001-1029",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-09-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6073"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8697"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-03 06:15
Modified
2024-11-21 07:49
Severity ?
Summary
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | 9.1 | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | a250_firmware | - | |
| netapp | a250 | - | |
| netapp | 500f_firmware | - | |
| netapp | 500f | - | |
| netapp | c250_firmware | - | |
| netapp | c250 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "779485D0-83A2-404C-9477-82BDE8D63A40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1236B66D-EB11-4324-929F-E2B86683C3C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "281DFC67-46BB-4FC2-BE03-3C65C9311F65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF32BB1-9A58-4821-AE49-5D5C8200631F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F21DE67F-CDFD-4D36-9967-633CD0240C6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AB1EC2-2560-494A-A51B-6F20CE318FEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58DE2B52-4E49-4CD0-9310-00291B0352C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states \"remote code execution is theoretically possible.\""
},
{
"lang": "es",
"value": "OpenSSH server (sshd) v9.1 introdujo una vulnerabilidad de doble liberaci\u00f3n durante el manejo de \"options.key_algorithms\". Esto se ha corregido en OpenSSH v9.2. La doble liberaci\u00f3n puede ser aprovechada por un atacante remoto no autenticado en la configuraci\u00f3n por defecto, para saltar a cualquier ubicaci\u00f3n en el espacio de direcciones de sshd. Un informe de terceros afirma que \"la ejecuci\u00f3n remota de c\u00f3digo es te\u00f3ricamente posible\"."
}
],
"id": "CVE-2023-25136",
"lastModified": "2024-11-21T07:49:10.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-03T06:15:09.350",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/13/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/23/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/06/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/09/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=3522"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=34711565"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202307-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230309-0003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2023/02/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/13/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/23/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/06/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/09/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=3522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=34711565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202307-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230309-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2023/02/02/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA33E7E2-DE7B-411E-8991-718DA0988C51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user\u0027s password."
}
],
"id": "CVE-2002-0765",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-08-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9215.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.openbsd.org/errata.html#sshbsdauth"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5113"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9215.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openbsd.org/errata.html#sshbsdauth"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4803"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-06 17:03
Modified
2025-04-03 01:03
Severity ?
Summary
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding (\"-D\" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality."
}
],
"id": "CVE-2005-2797",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-06T17:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=112605977304049\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/16686"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18010"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18661"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19243"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1014845"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/19142"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112605977304049\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/16686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14727"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3 or 4.",
"lastModified": "2009-11-25T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-05 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D52975-3CB0-4BF7-975F-66EF9BF42A06",
"versionEndIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en ssh-agent.c en ssh-agent en OpenSSH en versiones anteriores a 7.4 permite a atacantes remotos ejecutar modulos locales PKCS#11 arbitrarios aprovechando el control sobre un agent-socket reenviado."
}
],
"id": "CVE-2016-10009",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-05T02:59:03.057",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2023/Jul/31"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/9"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/94968"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037490"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3538-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/40963/"
},
{
"source": "cve@mitre.org",
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2023/Jul/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3538-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40963/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.openssh.com/txt/release-7.4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-02-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| openbsd | openssh | 1.2 | |
| ssh | ssh | 1.2.0 | |
| ssh | ssh | 1.2.1 | |
| ssh | ssh | 1.2.2 | |
| ssh | ssh | 1.2.3 | |
| ssh | ssh | 1.2.4 | |
| ssh | ssh | 1.2.5 | |
| ssh | ssh | 1.2.6 | |
| ssh | ssh | 1.2.7 | |
| ssh | ssh | 1.2.8 | |
| ssh | ssh | 1.2.9 | |
| ssh | ssh | 1.2.10 | |
| ssh | ssh | 1.2.11 | |
| ssh | ssh | 1.2.12 | |
| ssh | ssh | 1.2.13 | |
| ssh | ssh | 1.2.14 | |
| ssh | ssh | 1.2.15 | |
| ssh | ssh | 1.2.16 | |
| ssh | ssh | 1.2.17 | |
| ssh | ssh | 1.2.18 | |
| ssh | ssh | 1.2.19 | |
| ssh | ssh | 1.2.20 | |
| ssh | ssh | 1.2.21 | |
| ssh | ssh | 1.2.22 | |
| ssh | ssh | 1.2.23 | |
| ssh | ssh | 1.2.24 | |
| ssh | ssh | 1.2.25 | |
| ssh | ssh | 1.2.26 | |
| ssh | ssh | 1.2.27 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EFC03C-F5A7-4B74-B664-5828763B3E8E",
"versionEndIncluding": "1.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9C3330-E163-4699-B7F6-2D9B089E8A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F62C0C54-6BC0-4A8B-8006-F1EEEFAC3699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "011ECCA8-63DD-4FB0-A2F4-B4BAF344242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86A52DB0-B17A-437C-8E3A-0F824B9F88AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDDCCD5-76B1-4981-BA9D-0C4702DD3FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9E54C6-7003-46B0-85B3-0C2E7E611D38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "082C8ECC-CDAF-440B-90D0-A1FE028B03F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0AAA72-CAA5-4985-ADD9-1790CE3C66D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C2A220-D8AB-4FAD-8048-F2C1764F965F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5010A78A-394E-4196-90CB-5D371C3BD1EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F6F181-41B1-47D1-A216-194DC4C762EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EEBDAB-AA0D-407B-B8EE-6C33B0423AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "45446BD9-3B03-43B6-B686-F6EACFABD699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE6F492-8E28-4FA1-9BF1-96BAF5D68545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "41BF66ED-CB08-440E-AC05-A31371B7A380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EE3216-D8FF-43F0-9329-6676E2CEC250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9310E12D-1136-4AD6-9678-8ADCD9EE58C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEDF399-58DE-491A-8B51-87E0392FF9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDF2DE8-8559-4BED-80AE-E1420BBF4043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "23EB8421-76BF-47D1-B294-68412D5E4572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D9560989-5342-4C6B-974F-7D90C467BA39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "971835AF-E908-4C74-9DE0-167349138DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D49C5-54B4-4437-A2D3-3EBFA1D9A3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "926B57D7-009C-4317-ACFB-98551FADC5B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EDBA45-FDEE-4D4B-A6FF-7E953B523DAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF5BDEF-E86B-4F4D-AF6D-B27044A96B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0FF07F-E13B-425F-9892-C50B326B2944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "338EDA76-05D6-48C0-952E-6244A5F206F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP."
}
],
"id": "CVE-2000-0143",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-02-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0143"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-25 16:19
Modified
2025-04-09 00:30
Severity ?
Summary
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7154C4-8325-4495-92B1-B7897CD7303E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483."
},
{
"lang": "es",
"value": "OpenSSH 4.6 y anteriores, cuando ChallengeResponseAuthentication est\u00e1 habilitado, permite a atacantes remotos determinar la existencia de cuentas de usuario intentando autenticarse mediante S/KEY, lo cual muestra una respuesta diferente si la cuenta de usuario existe, un problema similar a CVE-2001-1483."
}
],
"id": "CVE-2007-2243",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-25T16:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2631"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/34600"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23601"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33794"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20191107-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/34600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20191107-0003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. OpenSSH supplied with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not contain S/KEY support.",
"lastModified": "2007-05-23T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-06 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB9B2AD-A04E-4C93-9FAF-5DC02F69690B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*",
"matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login."
},
{
"lang": "es",
"value": "El servidor OpenSSH, utilizado en Fedora y Red Hat Enterprise Linux 7 y cuando funciona en un entorno Kerberos, permite a usuarios remotos autenticados iniciar sesi\u00f3n como otro usuario cuando est\u00e1n listados en el fichero .k5users de ese usuario, lo que podr\u00eda evadir los requisitos de autenticaci\u00f3n que forzar\u00eda un inicio de sesi\u00f3n local."
}
],
"id": "CVE-2014-9278",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-06T15:59:07.920",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"
},
{
"source": "secalert@redhat.com",
"url": "http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2014/12/02/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2014/12/04/17"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/71420"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=1867"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169843"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/12/02/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/12/04/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=1867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99090"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-09 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "65A8629A-CFAE-4403-BEE7-622912483702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D0607649-62FE-41CB-9444-53CD9C5B67C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0FB8D5-75CB-4691-AB9F-B4FA46973421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67E1B240-BD86-41D3-BAC1-96005CB31DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC2BA97-6E7A-4AEF-8944-DB3AB8E14762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D3A31E-D785-406D-A8C8-FD122F4C9E38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that \"OpenSSH upstream does not consider this as a security issue.\""
},
{
"lang": "es",
"value": "** DISPUTADA ** La funci\u00f3n kex_input_kexinit en kex.c en OpenSSH 6.x y 7.x hasta la versi\u00f3n 7.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) enviando muchas peticiones duplicadas KEXINIT. NOTA: un tercero reporta que \"OpenSSH upstream no considera esto como un problema de seguridad\"."
}
],
"id": "CVE-2016-8858",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-09T11:59:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126\u0026r2=1.127\u0026f=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127\u0026content-type=text/x-cvsweb-markup"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/19/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/20/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93776"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037057"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384860"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180201-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126\u0026r2=1.127\u0026f=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127\u0026content-type=text/x-cvsweb-markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/19/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180201-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-03-12 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EDBA45-FDEE-4D4B-A6FF-7E953B523DAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF5BDEF-E86B-4F4D-AF6D-B27044A96B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0FF07F-E13B-425F-9892-C50B326B2944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "338EDA76-05D6-48C0-952E-6244A5F206F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F719468E-A218-4EB5-9F8D-7841E84F44C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4FCD36-0009-4A93-A190-8FDD11C672CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "71727854-1B75-465F-AF8C-DFE6EFF46B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:ssh:1.2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "64B76EA2-D3A6-4751-ADE6-998C2A7B44FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow."
}
],
"id": "CVE-2001-0144",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-03-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=98168366406903\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://razor.bindview.com/publish/advisories/adv_ssh1crc.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2001-35.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/503"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/795"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2347"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=98168366406903\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://razor.bindview.com/publish/advisories/adv_ssh1crc.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2001-35.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6083"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-25 11:03
Modified
2025-04-03 01:03
Severity ?
Summary
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | 3.0 | |
| openbsd | openssh | 3.0.1 | |
| openbsd | openssh | 3.0.1p1 | |
| openbsd | openssh | 3.0.2 | |
| openbsd | openssh | 3.0.2p1 | |
| openbsd | openssh | 3.0p1 | |
| openbsd | openssh | 3.1 | |
| openbsd | openssh | 3.1p1 | |
| openbsd | openssh | 3.2 | |
| openbsd | openssh | 3.2.2p1 | |
| openbsd | openssh | 3.2.3p1 | |
| openbsd | openssh | 3.3 | |
| openbsd | openssh | 3.3p1 | |
| openbsd | openssh | 3.4 | |
| openbsd | openssh | 3.4p1 | |
| openbsd | openssh | 3.5 | |
| openbsd | openssh | 3.5p1 | |
| openbsd | openssh | 3.6 | |
| openbsd | openssh | 3.6.1 | |
| openbsd | openssh | 3.6.1p1 | |
| openbsd | openssh | 3.6.1p2 | |
| openbsd | openssh | 3.7 | |
| openbsd | openssh | 3.7.1 | |
| openbsd | openssh | 3.7.1p2 | |
| openbsd | openssh | 3.8 | |
| openbsd | openssh | 3.8.1 | |
| openbsd | openssh | 3.8.1p1 | |
| openbsd | openssh | 3.9 | |
| openbsd | openssh | 3.9.1 | |
| openbsd | openssh | 3.9.1p1 | |
| openbsd | openssh | 4.0p1 | |
| openbsd | openssh | 4.1p1 | |
| openbsd | openssh | 4.2p1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice."
},
{
"lang": "es",
"value": "scp en OpenSSH 4.2p1 permite a atacantes ejecutar \u00f3rdenes de su elecci\u00f3n mediante nombres de ficheros que contienen metacaract\u00e9res o espacios, que son expandidos dos veces."
}
],
"id": "CVE-2006-0225",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-25T11:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"
},
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"source": "secalert@redhat.com",
"url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
},
{
"source": "secalert@redhat.com",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"source": "secalert@redhat.com",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"source": "secalert@redhat.com",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18579"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18595"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18650"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18736"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18798"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18850"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18910"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18964"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18969"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18970"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19159"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/20723"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/21129"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/21262"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/21492"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/21724"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22196"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23241"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23340"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23680"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24479"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/25607"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/25936"
},
{
"source": "secalert@redhat.com",
"url": "http://securityreason.com/securityalert/462"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1015540"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/22692"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/16369"
},
{
"source": "secalert@redhat.com",
"url": "http://www.trustix.org/errata/2006/0004"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-255-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/0306"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/2490"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/4869"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/2120"
},
{
"source": "secalert@redhat.com",
"url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
},
{
"source": "secalert@redhat.com",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.425802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_08_openssh.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0298.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/425397/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-255-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "This issue was addressed in Red Hat Enterprise Linux 2.1, 3 and 4:\n\nhttps://rhn.redhat.com/errata/CVE-2006-0225.html\nhttps://www.redhat.com/security/data/cve/CVE-2006-0225.html\n\nIssue was fixed upstream in version 4.3. The openssh packages in Red Hat Enterprise Linux 5 are based on the fixed upstream version and were not affected by this flaw.",
"lastModified": "2009-09-09T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-28 22:15
Modified
2025-04-10 19:03
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | 9.5 | |
| openbsd | openssh | 9.6 | |
| openbsd | openssh | 9.6 | |
| openbsd | openssh | 9.7 | |
| openbsd | openssh | 9.7 | |
| openbsd | openssh | 9.8 | |
| openbsd | openssh | 9.8 | |
| openbsd | openssh | 9.9 | |
| openbsd | openssh | 9.9 | |
| canonical | ubuntu_linux | 24.04 | |
| canonical | ubuntu_linux | 24.10 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| debian | debian_linux | 13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.5:p1:*:*:*:*:*:*",
"matchCriteriaId": "B95D97F9-56D8-4A03-8D97-C9C3BC103AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.6:-:*:*:*:*:*:*",
"matchCriteriaId": "2AFDD23D-3B76-4942-B222-843918EE7996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.6:p1:*:*:*:*:*:*",
"matchCriteriaId": "EA15AB35-EE6C-4435-9CD3-02E77A581CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.7:-:*:*:*:*:*:*",
"matchCriteriaId": "35061B84-4628-469C-BEC2-06207F066F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "E0DA97F7-489E-416E-9A01-DE7E4ABB8E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.8:-:*:*:*:*:*:*",
"matchCriteriaId": "BF2C0441-653D-4BD3-A45D-D97C929A596F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "63A10946-C4A4-4F77-828D-568579A2599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:*",
"matchCriteriaId": "E2B53BBB-6916-478C-A896-77C7F7E7D5DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "F7A2B794-BA83-4A01-BD2E-541F18CB9E37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "BF90B5A4-6E55-4369-B9D4-E7A061E797D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:24.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DE07EF30-B50E-4054-9918-50EFA416073B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "204FC6CC-9DAC-45FB-8A9F-C9C8EDD29D54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack."
},
{
"lang": "es",
"value": "Se ha descubierto un fallo en el paquete OpenSSH. Por cada paquete ping que recibe el servidor SSH, se asigna un paquete pong en un b\u00fafer de memoria y se almacena en una cola de paquetes. Solo se libera cuando finaliza el intercambio de claves entre el servidor y el cliente. Un cliente malintencionado puede seguir enviando dichos paquetes, lo que provoca un aumento descontrolado del consumo de memoria en el lado del servidor. En consecuencia, el servidor puede dejar de estar disponible, lo que da lugar a un ataque de denegaci\u00f3n de servicio."
}
],
"id": "CVE-2025-26466",
"lastModified": "2025-04-10T19:03:33.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-28T22:15:40.080",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26466"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345043"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1237041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2025-26466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20250228-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2025-26466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2025/02/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2025/02/18/4"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
],
"url": "https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-01 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | 4.3 | |
| openbsd | openssh | 4.8 | |
| fedoraproject | fedora | 11 | |
| redhat | enterprise_linux | 5 | |
| redhat | enterprise_linux_desktop | 5 | |
| redhat | enterprise_linux_eus | 5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*",
"matchCriteriaId": "5833A489-D6DE-4D51-9E74-189CBC2E28CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5:*:client:*:*:*:*:*",
"matchCriteriaId": "AF3FB21C-AC0E-4F6C-B68A-9405E57ADCF0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5:*:*:*:*:*:*:*",
"matchCriteriaId": "443CB3FD-014D-4C37-BB02-03DAA5A3F3C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership."
},
{
"lang": "es",
"value": "Ciertas modificaciones Ret Hat en ChrootDirectory feature en OpenSSH v4.8, como el usado en sshd en OpenSSH v4.3 en Red Hat Enterprise Linux (RHEL) v5.4 y Fedora v11, permite a usuarios locales obtener privilegios a trav\u00e9s de enlaces fuertes en programas setuid que usa una configuraci\u00f3n de ficheros con el chroot directory, relacionado con requerimientos para el propietario."
}
],
"id": "CVE-2009-2904",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-01T15:30:00.233",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/58495"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/38834"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39182"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/36552"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/58495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-08 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address."
},
{
"lang": "es",
"value": "La funci\u00f3n mm_newkeys_from_blob en monitor_wrap.c de sshd en OpenSSH 6.2 y 6.3, cuando se utiliza el cifrado AES-GCM, no inicia correctamente la memoria para una estructura de datos de contexto MAC, lo que permite a usuarios remotos autenticados evadir intencionadamente ForceCommand y restricciones login-shell a trav\u00e9s de un paquete de datos que proporciona una direcci\u00f3n de rellamada manipulada."
}
],
"id": "CVE-2013-4548",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-08T15:55:13.747",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00017.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2013/11/08/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/gcmrekey.adv"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2014-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=141576985122836\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2013/11/08/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/gcmrekey.adv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2014-1"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-15 20:15
Modified
2024-11-21 02:47
Severity ?
Summary
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| netapp | clustered_data_ontap | - | |
| netapp | hci_management_node | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | solidfire | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1A0346-2185-4EE6-AC3A-DE31E6A21AE4",
"versionEndIncluding": "8.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product"
},
{
"lang": "es",
"value": "** EN DISPTUTA ** OpenSSH versiones hasta 8.7, permite a atacantes remotos, que presentan la sospecha de que una determinada combinaci\u00f3n de nombre de usuario y clave p\u00fablica es conocida por un servidor SSH, comprobar si esta sospecha es correcta. Esto ocurre porque es enviado un desaf\u00edo s\u00f3lo cuando esa combinaci\u00f3n podr\u00eda ser v\u00e1lida para una sesi\u00f3n de inicio de sesi\u00f3n. NOTA: el proveedor no reconoce la enumeraci\u00f3n de usuarios como una vulnerabilidad para este producto"
}
],
"id": "CVE-2016-20012",
"lastModified": "2024-11-21T02:47:33.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-15T20:15:07.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/pull/270"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://rushter.com/blog/public-ssh-keys/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0005/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2018/08/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/pull/270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://rushter.com/blog/public-ssh-keys/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2018/08/24/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-27 20:41
Modified
2025-04-09 00:30
Severity ?
Summary
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux | 4.5.z | |
| redhat | enterprise_linux | 4.5.z | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux_desktop | 4 | |
| redhat | enterprise_linux_desktop | 5 | |
| openbsd | openssh | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.5.z:*:as:*:*:*:*:*",
"matchCriteriaId": "9E17C039-50DC-487F-B800-8694C2E733FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.5.z:*:es:*:*:*:*:*",
"matchCriteriaId": "B380DA56-B6E4-4735-A66C-EE29B56D7A52",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4:*:*:*:*:*:*:*",
"matchCriteriaId": "D986CAD0-F4E0-4F97-B240-8967CD4466FB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5:*:client:*:*:*:*:*",
"matchCriteriaId": "AF3FB21C-AC0E-4F6C-B68A-9405E57ADCF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D7D468-C829-4A4E-8865-E62D8EC5E274",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known."
},
{
"lang": "es",
"value": "Ciertos paquetes Red Hat Enterprise Linux (RHEL) 4 y 5 para OpenSSH, como fueron firmados en agosto de 2008 usando una clave Red Hat GPG leg\u00edtima, contienen una modificaci\u00f3n introducida externamente (Trojan Horse) que permite a los autores de los paquetes tener un impacto desconocido. NOTA: como los paquetes maliciosos no fueron distribuidos por ninguna fuente Red Hat oficial, el impacto de este problema est\u00e1 restringido a usuarios que pudieran haber obtenido estos paquetes a trav\u00e9s de puntos de distribuci\u00f3n no oficiales. Como en 20080827, los distribuidores no oficiales de este software son conocidos."
}
],
"evaluatorComment": "This alert is primarily for those who may obtain Red Hat binary \r\npackages via channels other than those of official Red Hat subscribers. Packages obtained by Red Hat Enterprise Linux subscribers via Red Hat Network are not at risk. \r\n\r\nRedhat has provided a shell script which lists the affected packages and can verify that none of them are installed on a system at the following location:\r\n\r\nhttps://www.redhat.com/security/data/openssh-blacklist-1.0.sh",
"id": "CVE-2008-3844",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-08-27T20:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31575"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32241"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020730"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/security/data/openssh-blacklist.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0855.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30794"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/2821"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/security/data/openssh-blacklist.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0855.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/2821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44747"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-17 04:15
Modified
2024-11-21 07:55
Severity ?
Summary
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| netapp | brocade_fabric_operating_system | - | |
| netapp | hci_bootstrap_os | - | |
| netapp | solidfire_element_os | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84F1ED1E-4AD0-4903-A9FD-F4BBC21328E4",
"versionEndExcluding": "9.3",
"versionStartIncluding": "8.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:brocade_fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2119FFC-08F9-4C3F-881C-9C72916BC652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:solidfire_element_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E379272-A79A-4A27-9861-71DCBD4B1FEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9."
}
],
"id": "CVE-2023-28531",
"lastModified": "2024-11-21T07:55:17.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-17T04:15:14.553",
"references": [
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AN2UDTXEUSKFIOIYMV6JNI5VSBMYZOFT/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202307-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230413-0008/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://www.openwall.com/lists/oss-security/2023/03/15/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AN2UDTXEUSKFIOIYMV6JNI5VSBMYZOFT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202307-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230413-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://www.openwall.com/lists/oss-security/2023/03/15/8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-31 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54168153-AA0C-4E2F-AF03-FF93295D1303",
"versionEndIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS."
}
],
"id": "CVE-2004-1653",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-31T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109413637313484\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011143"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9562"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17213"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20191107-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109413637313484\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20191107-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Permitting TCP forwarding is the expected and known default configuration. If it is not desired, it can disabled using the AllowTcpForwarding option in the /etc/ssh/sshd_config configuration file. However, only disabling TCP forwarding does not improve security unless users are also denied shell access. For more information, see man sshd_config.",
"lastModified": "2009-11-25T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-24 23:44
Modified
2025-04-09 00:30
Severity ?
Summary
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs."
},
{
"lang": "es",
"value": "OpenSSH 4.3p2 y probablemente otras versiones, permite a usuarios locales secuestrar conexiones X enviadas provocando que ssh ponga DISPLAY a :10, incluso cuando otro proceso est\u00e1 escuchando en el puerto asociado, como se demostr\u00f3 abriendo el puerto TCp 6010 (IPv4) y escaneando una cookie enviada por Emacs."
}
],
"id": "CVE-2008-1483",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-24T23:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29522"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29537"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29554"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29626"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29676"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29683"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29686"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29721"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29735"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29873"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29939"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30086"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30230"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30249"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30347"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30361"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31531"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31882"
},
{
"source": "cve@mitre.org",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28444"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019707"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/597-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/597-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "All openssh versions shipped in Red Hat Enterprise Linux 5 include the patch for this issue.\n\nThis issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2005-527.html\n\nRed Hat Enterprise Linux 3 is affected by this issue. The Red Hat Security Response Team has rated this issue as having low security\nimpact. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1483\n",
"lastModified": "2010-03-19T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-27 01:07
Modified
2025-04-09 00:30
Severity ?
Summary
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector."
},
{
"lang": "es",
"value": "sshd en OpenSSH en versiones anteriores a 4.4, cuando se utiliza la versi\u00f3n 1 del protocolo SSH, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un paquete SSH que contiene bloques duplicados, los cuales no se manejan correctamente por el detector de ataque de compensaci\u00f3n CRC."
}
],
"id": "CVE-2006-4924",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-27T01:07:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
},
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt"
},
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"source": "secalert@redhat.com",
"url": "http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability"
},
{
"source": "secalert@redhat.com",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=148228"
},
{
"source": "secalert@redhat.com",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"source": "secalert@redhat.com",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"source": "secalert@redhat.com",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21923"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22091"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22116"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22158"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22164"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22183"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22196"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22208"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22236"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22245"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22270"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22298"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22352"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22362"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22487"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22495"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22823"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22926"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23038"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23241"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23340"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/23680"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24479"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24799"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24805"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/25608"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29371"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34274"
},
{
"source": "secalert@redhat.com",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200609-17.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1016931"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"source": "secalert@redhat.com",
"url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
},
{
"source": "secalert@redhat.com",
"url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2006/dsa-1189"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2006/dsa-1212"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/787448"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openbsd.org/errata.html#ssh"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/29152"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/447153/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/20216"
},
{
"source": "secalert@redhat.com",
"url": "http://www.trustix.org/errata/2006/0054"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-355-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/3777"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/4401"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/4869"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/1332"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/2119"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/0740"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29158"
},
{
"source": "secalert@redhat.com",
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-661"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=148228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200609-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2006/dsa-1189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2006/dsa-1212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/787448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openbsd.org/errata.html#ssh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447153/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/20216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-355-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-19 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B042083-6D26-4A91-B3F6-E6D46266FF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6693DC2D-CDA1-4E37-9569-58874F55A48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16CDE975-9E08-493B-9385-3EC2CABC4A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A63EA6B-2400-48C4-924D-3509971CCBEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0658F08E-2596-4D8E-91AA-44A9DBE8F151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "74169893-A34F-49FB-8C83-36C4AA808925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "013E94CC-AF68-44D0-826F-28B1825A8DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9981E30-0D54-4464-8287-E450E7E8F770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED17577-F56D-48DF-8863-B4FF039C47D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A91E2-C93E-49F4-B349-8E4CEC285C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7244A-BFF7-4C7C-82FF-6B53236DB86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BADA4CC-FC94-427A-AF93-9AAFDAADDB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.2j:*:*:*:*:*:*:*",
"matchCriteriaId": "1356E837-2CF3-4AF9-80DD-FA2A97B3B2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1D6B7F-8B52-42C0-8613-740CACFB3463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5024EC6-2A47-4ACE-A661-B78D314C7D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA64A6E8-0EB7-4BCA-A7AA-245A466C2F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5058DC44-835D-4BD9-B550-E5CB22F6475F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "23ED4911-6CF5-4562-B421-A328D7BE0291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F3388A-39FA-4A3A-819A-764A16AAEB54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.9k:*:*:*:*:*:*:*",
"matchCriteriaId": "C90B0480-C558-41BD-A16C-AD63DA1C09C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "81DDF3D8-35EA-4677-B1AC-1CA674EEBCD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F37366E9-F1B6-4458-AE1C-790405AC8740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C727829-5E3A-41F6-BAB3-01AED39674D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF57477-FB53-49CC-BAD4-CDC0FD9363F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65FB72FC-37EE-4D42-893E-9C0924EEA2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D863ED8D-2B63-4497-B250-6AFA29D6D9D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BF5D4C-DFF8-4094-82A6-A1302169CD43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C5413C-47F1-4E3B-B618-2AECECA780FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "490A294D-AB7C-45C2-B887-1C3D2992AD91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "43712853-9002-4778-9036-754262880B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "41A83090-D05D-40DD-AA29-F032CC165A9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BCE145-44F4-4FED-8936-3AEBF8B38357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.0f:*:*:*:*:*:*:*",
"matchCriteriaId": "888C2DE3-2874-4310-9584-3AC96A82C306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6587AA-E91D-4194-81D0-FCF1AA382CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "237D84A0-3FC3-4CFD-9454-ACD9E42DCC4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B2C7F5-8182-48B8-AA8A-C0F45978D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "F5EAC7A0-CD7D-4AE9-8421-9CDFFD073B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17855D5D-BDF5-48D3-9D71-694A3D41A826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.3f:*:*:*:*:*:*:*",
"matchCriteriaId": "3915E4A8-6CCF-44A3-85B9-70651137C084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5DEDB4-7E16-4356-B080-09BCDA68772F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9DBDC7-DDF0-4596-84BC-E4E05F47F938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA61F9-CE29-47B0-AF2A-B1045A59018E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B338837-6346-48FC-A4D7-011EC20ACF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8644D458-786D-4310-BAA8-40B2E27EA966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4746C2E-91B1-4341-9CCD-78191BDF9A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3FCC3E-F3D5-4F90-B64F-85576E8B776B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17672CBB-A79F-4B91-9B01-193F960A4611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "177E5CE0-A518-447F-9397-FC527E367077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C808743-BFAF-4BB4-B0F0-13DF2C7D5531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB90715C-E50C-4682-8C94-DE5CBCAA9965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8F8009-3586-4989-B180-2F46503DA59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "44DDAAA8-185D-47FE-8434-E2FC000BD926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E5D670-FB1F-4560-A5A0-149FB4FCD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "49A0662D-9356-4DC9-8082-58DBEE5C65FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4E858413-3408-4A77-B56D-5016959FC690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB475D-7996-48B3-8886-9000C6230414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E56BFE1-044A-45AC-BF9C-C0CFBD2F8C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72BBCB-636C-4939-90B7-308223E433EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5884968-F218-4CD4-AD4B-4C0CD26EF674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "56FD197E-27E9-4AF4-8A84-E1D0A7FD14DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCD63A2-B666-4F5E-9D17-ED38B0BF973C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "63E32B6A-AF41-4AEA-B55B-52B821106D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC18FBF-1C2E-4D2F-9D3C-C6578CCBDB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0824B78E-EB43-4D74-9062-79D0F273B06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A76B02F-C2C8-4A35-A60A-EC74F43B8895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD470B-274F-421C-AD4D-6D076935D741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C30FE48E-857E-441C-B497-B6E541D2913F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A813EED-25AC-4191-92E8-58C1BC7D1E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8719CEF9-6753-495B-9ACB-9E323CB7BCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "553D3277-1B91-4998-A610-7E5D3E2C1413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17886B3D-394C-4C94-93B2-FAB23B45C880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7584F9C5-41E9-4F84-9849-B5D604BB55A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "00008DAA-F66D-484B-941B-944F3E684981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF4DE0B-ED77-49CE-AE0C-2AF2AE35FB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "38EF9A76-6D83-4C99-A1DE-DC7E5AF28731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3C13F8DE-007E-467E-9872-9C4A951F1EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "698824F0-DDFA-4469-8D42-59A56ACD6B5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30A3B9E9-3643-443B-A19A-2AE989832C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F86A43A5-0906-405E-B3D0-250DA24A9093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3126AFB2-A043-4C51-8402-D36D2F62AA73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D37C5-5C79-46F9-97B7-555E48C53796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A817B6-CD13-4E0A-99DD-C5C39DF04C8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6F7054-6EDF-4F25-945E-E24F00A4A2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16BEBCBF-8826-4451-9B6B-802BD8A4FA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59F1EE63-6CF7-440D-BC5B-23D721996275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C446EEE-3D06-485D-A031-2DA2A6501712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F90B0C0-1CA9-47F8-B603-D6C15CF33352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7292ADB-5D2C-4569-93B5-76125D71E3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2810AD0C-4C6F-4B07-8D72-2D640219AE82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "06C3FAFB-90D2-4C6D-A210-27297926433E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "78E26C82-CA31-4EBB-9635-D895B04D90E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "170C4ADE-68C7-4F73-BD64-800D8E07F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB022A4-BFF0-4154-A8B6-C38B6C09A1BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "026CCB02-C710-4AEA-B002-852AD4A3DCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02ACCEFF-1301-4118-BFCA-877F7A1D84B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "625EE79F-33C9-4272-A37C-F82921950EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4480D2-1B5C-443D-8D7F-976885C33BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "795DEA94-79D6-4132-B205-AB098E92216A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD05A3E8-105D-4712-8BBE-2D5CF4F78890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6691FF-77F2-4AE3-B49F-BFB8744AD046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E58648AC-7288-46EC-B2BB-0805626BA31C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8A31AD-D2E8-45DC-BF80-BD102B1FBC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62FBDA08-566F-4D21-8186-4A287FD2F107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1DB64D-028A-422F-B106-873A45789A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12509D69-71AF-48AF-986F-04A7E248011A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "075B6E8D-4C4B-4E98-94C6-52B842BE65FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDF9DB2-6C3D-4BF5-BF55-818C3932CF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "27B99F6E-712C-4205-9185-26F543EFC881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F31FAA8F-EE03-4A7F-B0DE-BB4CE998FEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF0262B-1451-40CA-9DD1-F2DEA793BD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C27E0224-9431-49EF-8B32-850CDF6FFFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88A88A21-7427-4452-8C2A-6C31542FA83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DCEAA0-509A-4978-BE53-0CBE084366FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3203DC73-05F2-4A28-9E62-3D87B482586A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BDA1AAC-3FCF-47D8-A6B4-9DB0D776CE14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64F4CDF1-695A-4677-A829-74BB365BF4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEF55DD-FC87-42A3-9DAF-9862AA9649CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61188360-C55E-47AD-8C3E-043689249DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A5BCE08-8940-4658-A4D7-5CAD33D3751C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FA974-7671-4FB7-BB36-274B5970EBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "011F841A-4F1B-49B2-B379-9FE126141568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C54819-CF51-4BBE-873F-4A0E2072D10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "743C5472-860C-48A6-AED7-BB00B6E91440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2094ACB3-635A-437D-AF0E-4BFEB496EDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40BE9A01-DEE5-4CD4-8C01-6689707A47EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2838C7E9-F247-491B-AAD1-680927044C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB99E2A-AF4D-4436-9C4F-EB043F8D16A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "86E5680C-2E57-4BFA-9D60-B560BA819039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83D8769C-E438-4805-955A-4EA7A274F036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2E96C8-F8F8-4002-B242-3ADDF1E84B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2ADC814-3F33-47F6-AE27-7233F5D337AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B56052F-6768-41D6-9E91-F1377EB4E122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9803DD4B-C48D-45EA-8154-C1C626DBDED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "702A52AE-4E48-4138-8856-9EBE5A8DA964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.1:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "B8C108AB-0C7C-4B58-8B54-C92C95A6B65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "509B3B08-533C-46CE-B53F-5A2BFC553C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F992DB-F70C-4473-8C33-B5F59BD83A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84D8E570-70B9-42CF-9764-238AAF6B380F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "9E582465-CC4A-4827-8C1F-548F01D6FCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.1:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "60515678-F93E-46CC-94EF-0EF9B2091D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4054251B-98C7-4AC9-B610-BA0EB250972C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.2:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "5B4AC671-C67D-46EC-9FB2-720F0DC3D4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6A93E9C5-91A4-4FC1-871B-ECE0E0FAFAA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "958F4FB0-C7DA-48D8-9500-A4A43ED807E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D772EE8-FB18-4431-89D8-FAF42797A2DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "A3A30FB0-35AB-4CF2-B74D-68015044770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75DA0AC9-E2BF-40C7-B970-43D0283FCC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA26CDDC-24FD-4FFD-BA5E-79F55BC8DA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1003EDA5-E22E-4A4E-A289-660E823EE71F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "844003FE-63E9-4E2F-83E6-02798B753FB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED73DCC-6501-4DA8-B0C0-45F1A6E97BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "711A3119-3390-48A9-8579-1D768D66386D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "798BE0FE-52F1-4283-8A0D-3E769A3752C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9F77CD27-4E7E-4B4A-9363-FC87B611338A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.4.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "09B1AFF1-4F5D-42F0-A3A7-91BB9854B561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.4.1:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "01872E42-E249-48AB-9259-FF3B0F3CAA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.4.2:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "B73B06FD-3452-4900-AE09-44172A1EF174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.5.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "DC126AA4-30B6-429B-A981-E4F0BCE03DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.5.1:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "1932FFE5-DC06-4560-ADA7-4C993B8A880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67BA8F3E-57F3-4388-8CD0-431AAA8DDB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "2BDEED3F-3936-429C-957E-9E3EE455445C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71C39323-60AF-4CB5-BA5A-1F45353614F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.1:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "3FE3D768-A3CF-422A-9EE2-6256E3ADDBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8E4B95-A551-4839-995F-5667CD215540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B474CD5-DEC0-49DB-992D-658A3C573982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DB98ADBD-7FBB-4495-A71B-8EF9A6EAC33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.4:*:linux_ibm_zos:*:*:*:*:*",
"matchCriteriaId": "356A4B29-4BE7-4D33-8B64-CECCA6C24FAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors."
},
{
"lang": "es",
"value": "Error en el manejo del protocolo SSH en (1) SSH Tectia Client y Server y Connector 4v.0 a la v4.4.11, v5.0 a la v5.2.4, y v5.3 a la v5.3.8; Client y Server y ConnectSecure v6.0 a la v6.0.4; Server para Linux sobre IBM System z v6.0.4; Server para IBM z/OS v5.5.1 y anteriores, v6.0.0, y v6.0.1; y Client v4.0-J a la v4.3.3-J y v4.0-K a la v4.3.10-K; y (2) OpenSSH v4.7p1 y posiblemente otras versiones, cuando usan un algoritmo de bloque cifrado en el modo Cipher Block Chaining (CBC), facilita a los atacantes remotos el conseguir cierta informaci\u00f3n en texto plano desde cualquier bloque de texto cifrado de su elecci\u00f3n en una sessi\u00f3n SSH mediante vectores de ataque desconocidos."
}
],
"evaluatorComment": "http://securitytracker.com/alerts/2008/Nov/1021235.html\n\nCBC mode connections are affected",
"evaluatorSolution": "With a valid username and password patches are available at the following link:\nhttps://downloads.ssh.com/",
"id": "CVE-2008-5161",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-19T17:30:00.670",
"references": [
{
"source": "cve@mitre.org",
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"source": "cve@mitre.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://openssh.org/txt/cbc.adv"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/49872"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50035"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50036"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32740"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32760"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32833"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33121"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33308"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34857"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36558"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3937"
},
{
"source": "cve@mitre.org",
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/958563"
},
{
"source": "cve@mitre.org",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32319"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021235"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021236"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021382"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/article/953/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openssh.org/txt/cbc.adv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/49872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/958563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/article/953/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue was addressed for Red Hat Enterprise Linux 5 by\nhttps://rhn.redhat.com/errata/RHSA-2009-1287.html\n\nAfter reviewing the upstream fix for this issue, Red Hat does not intend to address this flaw in Red Hat Enterprise Linux 3 or 4 at this time.",
"lastModified": "2009-09-02T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-10 02:15
Modified
2025-05-22 16:51
Severity ?
4.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
3.8 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
3.8 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Summary
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B82BC87D-C176-4CEF-AC2A-3563C03C3DBC",
"versionEndExcluding": "10.0",
"versionStartIncluding": "7.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding."
},
{
"lang": "es",
"value": " En sshd en OpenSSH anterior a 10.0, la directiva DisableForwarding no cumple con la documentaci\u00f3n que indica que deshabilita el reenv\u00edo de X11 y del agente."
}
],
"id": "CVE-2025-32728",
"lastModified": "2025-05-22T16:51:54.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-10T02:15:30.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Product",
"Release Notes"
],
"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/txt/release-10.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20250425-0002/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-440"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges."
},
{
"lang": "es",
"value": "La atentificaci\u00f3n desaf\u00edo-respuesta SSH1 PAM en OpenSSH 3.7.1 y 3.7.1p1, cuando la separaci\u00f3n de privilegios est\u00e1 desactivada, no comprueba el resultado del intento de autenticaci\u00f3n, lo que puede permitir a atacantes remotos ganar privilegios."
}
],
"id": "CVE-2003-0786",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/602204"
},
{
"source": "cve@mitre.org",
"url": "http://www.openssh.com/txt/sshpam.adv"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/8677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/602204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openssh.com/txt/sshpam.adv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/8677"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-03 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27C9A807-7740-4D75-9B01-91ED53D14C40",
"versionEndIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list."
},
{
"lang": "es",
"value": "Vulnerabilidad en la funci\u00f3n kbdint_next_device en auth2-chall.c en sshd en OpenSSH hasta la versi\u00f3n 6.9, no restringe correctamente el procesamiento de dispositivos de teclado interactivo con una \u00fanica conexi\u00f3n, lo cual facilita a atacantes remotos ejecutar un ataque de fuerza bruta o causar una denegaci\u00f3n de servicio (mediante el consumo de la CPU) a trav\u00e9s de una lista larga y redundante en la opci\u00f3n ssh -oKbdInteractiveDevices, seg\u00fan lo demostrado por una modificaci\u00f3n en el cliente que provee una contrase\u00f1a diferente para cada uno de los elementos pam de la lista."
}
],
"id": "CVE-2015-5600",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-03T01:59:03.950",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c"
},
{
"source": "cve@mitre.org",
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42\u0026r2=1.43\u0026f=h"
},
{
"source": "cve@mitre.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2015/07/23/4"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jul/92"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75990"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92012"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032988"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2710-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2710-2"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10136"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10157"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20151106-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/kb/HT205031"
},
{
"source": "cve@mitre.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42\u0026r2=1.43\u0026f=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2015/07/23/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jul/92"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2710-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2710-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201512-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20151106-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT205031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-27 23:07
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI \"authentication abort.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en OpenSSH portable anterior a 4.4, cuando funciona sobre algunas plataformas permite a un atacante remoto determinan la validaci\u00f3n de los nombres de usuario a trav\u00e9s de vectores desconocidos afectando a GSSAPI \"aborto de validacion.\""
}
],
"id": "CVE-2006-5052",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-27T23:07:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://openssh.org/txt/release-4.4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0697.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22158"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22173"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22495"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22823"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24479"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27588"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28320"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016939"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/29266"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20245"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29255"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-681"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openssh.org/txt/release-4.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0697.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10178"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "This issue did not affect Red Hat Enterprise Linux 2.1 and 3.\n\nThis issue was addressed in Red Hat Enterprise Linux 4 and 5 via\nhttps://rhn.redhat.com/errata/RHSA-2007-0703.html and https://rhn.redhat.com/errata/RHSA-2007-0540.html respectively.",
"lastModified": "2009-09-24T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-07 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EA14B4-350A-413E-A270-F91ECB194281",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEF5203-9D6B-4431-BF0D-C81B1E250AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7154C4-8325-4495-92B1-B7897CD7303E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99BF4471-763B-485A-ABD5-C68AD0A14058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7212E982-76F2-496C-9F08-EC4137F20804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52D13E08-7B08-44AA-9017-3EE3F6301E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBC7FF1-01EE-40A1-8735-14360A371803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "987527F8-8A42-4729-A329-4D2AC8AFD6E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93910448-8D6F-4F7E-9C7F-959754ABA50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4F797B-8E2C-41AC-AA29-D6B50A539B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.8p2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A653B9B-564C-4B74-94DC-17590E3D6696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1E74684E-71D3-4458-A8BA-5248982273F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de OpenSSH hasta v6.1 impone un l\u00edmite de tiempo fijado entre el establecimiento de una conexi\u00f3n TCP y el inicio de sesi\u00f3n, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos provocar una denegaci\u00f3n de servicio peri\u00f3dicamente haciendo muchas conexiones TCP nuevas."
}
],
"id": "CVE-2010-5107",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-07T20:55:01.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1591.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/07/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58162"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908707"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1591.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/07/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-24 07:15
Modified
2024-11-21 08:38
Severity ?
Summary
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| fedoraproject | fedora | 39 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D7D468-C829-4A4E-8865-E62D8EC5E274",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges."
},
{
"lang": "es",
"value": "OpenSSH hasta 9.6, cuando se utilizan tipos comunes de DRAM, podr\u00eda permitir row hammer attacks (para omitir la autenticaci\u00f3n) porque el valor entero de autenticado en mm_answer_authpassword no resiste cambios de un solo bit. NOTA: esto es aplicable a un determinado modelo de amenaza de ubicaci\u00f3n conjunta entre atacante y v\u00edctima en el que el atacante tiene privilegios de usuario."
}
],
"id": "CVE-2023-51767",
"lastModified": "2024-11-21T08:38:45.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-24T07:15:07.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-51767"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://arxiv.org/abs/2309.02545"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255850"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240125-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2023-51767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-51767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://arxiv.org/abs/2309.02545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240125-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2023-51767"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-10-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82950C9D-F2B0-44A2-80F4-65107F9850CF",
"versionEndIncluding": "3.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple \"buffer management errors\" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693."
},
{
"lang": "es",
"value": "M\u00faltiples \"errores de gesti\u00f3n de b\u00faferes\" en OpenSSH anteriores a 3.7.1 pueden permitir a atacantes causar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario usando (1) buffer_init en buffer.c, (2) buffer_free en buffer.c o (3) una funci\u00f3n separada en channels.c, un vulnerabilidad distinta de CAN-2003-0693."
}
],
"id": "CVE-2003-0695",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-10-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000741"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106381396120332\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106382542403716\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=106375582924840"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"source": "cve@mitre.org",
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106373546332230\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106381396120332\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106381409220492\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106382542403716\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=openbsd-security-announce\u0026m=106375582924840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A452"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable.\n\nThis flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.\n\nThis flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.\n\nThis flaw does not affect any subsequent versions of Red Hat Enterprise Linux.",
"lastModified": "2007-06-01T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-03 03:55
Modified
2025-04-11 00:51
Severity ?
Summary
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7FD807-BC4A-4F8F-B9F0-49BCF2E687C7",
"versionEndIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE60A415-91E3-4819-A252-E86A32EC3018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEF5203-9D6B-4431-BF0D-C81B1E250AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7154C4-8325-4495-92B1-B7897CD7303E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99BF4471-763B-485A-ABD5-C68AD0A14058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7212E982-76F2-496C-9F08-EC4137F20804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52D13E08-7B08-44AA-9017-3EE3F6301E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBC7FF1-01EE-40A1-8735-14360A371803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "987527F8-8A42-4729-A329-4D2AC8AFD6E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93910448-8D6F-4F7E-9C7F-959754ABA50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call."
},
{
"lang": "es",
"value": "ssh-keysign.c en ssh-keysign en OpenSSH anterior a 5.8p2 en ciertas plataformas ejecuta ssh-rand-helper con descriptores de archivos abiertos no deseados, lo cual permite a usuarios locales obtener informaci\u00f3n clave sensible a trav\u00e9s de la llamada al sistema ptrace."
}
],
"id": "CVE-2011-4327",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-03T03:55:03.550",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/portable-keysign-rand-helper.adv"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=755640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssh.com/txt/portable-keysign-rand-helper.adv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=755640"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-18 20:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedora_project | fedora_core | 6 | |
| openbsd | openssh | 4.3p2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedora_project:fedora_core:6:*:*:*:*:*:*:*",
"matchCriteriaId": "DC47CB90-8C66-466D-9F7B-74E6D621631A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en la funci\u00f3n linux_audit_record_event en el OpenSSH 4.3p2, como el utilizado por el Fedora Core 6 y, posiblemente, otros sistemas, permite a atacantes remotos escribir caracteres de su elecci\u00f3n sobre un log auditado a trav\u00e9s de nombres de usuario modificados. NOTA: algunos de estos detalles se obtienen a partir de la informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-3102",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-18T20:17:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/39214"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27235"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27588"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/27590"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28319"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/28320"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/26097"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248059"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0555.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0737.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=248059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-01-09 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent."
}
],
"id": "CVE-2000-1169",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-01-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000345"
},
{
"source": "cve@mitre.org",
"url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2000/20001118"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/2114"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6248"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-111.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1949"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2000/20001118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/2114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-111.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5517"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-06 22:30
Modified
2025-04-11 00:51
Severity ?
Summary
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607877D1-B86A-4973-A5D7-D3D0247FC272",
"versionEndIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEF5203-9D6B-4431-BF0D-C81B1E250AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7154C4-8325-4495-92B1-B7897CD7303E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99BF4471-763B-485A-ABD5-C68AD0A14058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B042083-6D26-4A91-B3F6-E6D46266FF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7212E982-76F2-496C-9F08-EC4137F20804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52D13E08-7B08-44AA-9017-3EE3F6301E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBC7FF1-01EE-40A1-8735-14360A371803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "987527F8-8A42-4729-A329-4D2AC8AFD6E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93910448-8D6F-4F7E-9C7F-959754ABA50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252."
},
{
"lang": "es",
"value": "OpenSSH v5.6 y versiones anteriores, si J-PAKE est\u00e1 activo, no valida apropiadamente los par\u00e1metros p\u00fablicos en el protocolo J-PAKE, lo que permite a atacantes remotos evitar la necesidad de conocer el secreto compartido, y autenticarse con \u00e9xito, enviando valores modificados en cada turno del protocolo. Relacionado con CVE-2010-4252."
}
],
"id": "CVE-2010-4478",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-06T22:30:31.920",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5"
},
{
"source": "cve@mitre.org",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/seb-m/jpake"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/seb-m/jpake"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-05 14:55
Modified
2025-04-11 00:51
Severity ?
Summary
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7FD807-BC4A-4F8F-B9F0-49BCF2E687C7",
"versionEndIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7154C4-8325-4495-92B1-B7897CD7303E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99BF4471-763B-485A-ABD5-C68AD0A14058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7212E982-76F2-496C-9F08-EC4137F20804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52D13E08-7B08-44AA-9017-3EE3F6301E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBC7FF1-01EE-40A1-8735-14360A371803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "987527F8-8A42-4729-A329-4D2AC8AFD6E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93910448-8D6F-4F7E-9C7F-959754ABA50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant."
},
{
"lang": "es",
"value": "La funci\u00f3n de ssh_gssapi_parse_ename en GSS-serv.c en OpenSSH v5.8 y versiones anteriores, cuando gssapi-with-mic de autenticaci\u00f3n est\u00e1 activada, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (excesivo consumo de memoria) a trav\u00e9s de un valor demasiado grande en un campo de longitud determinada. NOTA: puede haber escenarios limitados en el que este tema es relevante."
}
],
"id": "CVE-2011-5000",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-04-05T14:55:03.590",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2011/Aug/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://site.pi3.com.pl/adv/ssh_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2011/Aug/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://site.pi3.com.pl/adv/ssh_1.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges."
}
],
"id": "CVE-2000-0999",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-27 23:07
Modified
2025-04-09 00:30
Severity ?
Summary
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| debian | debian_linux | 3.1 | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x_server | * | |
| apple | mac_os_x_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3FE4E6-870E-4F84-9D50-7BF48ADFB380",
"versionEndIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CE37418-3D19-483A-9ADE-2E38272A4ACC",
"versionEndExcluding": "10.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39D14EF2-E8E0-4021-A493-E822612FFB35",
"versionEndIncluding": "10.4.8",
"versionStartIncluding": "10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9A9D63-EEA1-4289-8382-6CC91D2241A1",
"versionEndExcluding": "10.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D26E9A-DF4A-4795-BE74-2196127BB3E7",
"versionEndIncluding": "10.4.8",
"versionStartIncluding": "10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en el manejador de se\u00f1al OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario si la autenticaci\u00f3n GSSAPI est\u00e1 habilitada, a trav\u00e9s de vectores no especificados que conducen a una doble liberaci\u00f3n."
}
],
"evaluatorImpact": "Successful code execution exploitation requires that GSSAPI authentication is enabled.",
"id": "CVE-2006-5051",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2006-09-27T23:07:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "http://openssh.org/txt/release-4.4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22158"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22173"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22183"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22196"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22208"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22236"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22245"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22270"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22352"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22362"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22487"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/22495"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22823"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22926"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23680"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24479"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24799"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24805"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1016940"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.debian.org/security/2006/dsa-1189"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.debian.org/security/2006/dsa-1212"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/851340"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "http://www.openbsd.org/errata.html#ssh"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/29264"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/20241"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.ubuntu.com/usn/usn-355-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2006/4018"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2006/4329"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2007/1332"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
},
{
"source": "secalert@redhat.com",
"url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://openssh.org/txt/release-4.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/22495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1016940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.debian.org/security/2006/dsa-1189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.debian.org/security/2006/dsa-1212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/851340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.openbsd.org/errata.html#ssh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/29264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/20241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.ubuntu.com/usn/usn-355-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2006/4018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2006/4329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2007/1332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-18 15:04
Modified
2025-04-09 00:30
Severity ?
Summary
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:linux:unknown:unknown:etch:*:*:*:*:*",
"matchCriteriaId": "3CFF5E16-B757-4F51-9896-EA47AEBD5A91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B74B16-DE22-4206-891D-5EB3BC4F58C6",
"versionEndIncluding": "4.3p2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE60A415-91E3-4819-A252-E86A32EC3018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEF5203-9D6B-4431-BF0D-C81B1E250AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:linux:unknown:unknown:sid:*:*:*:*:*",
"matchCriteriaId": "0E64AB89-A4A4-4FD8-A22A-B03D24650B4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A410C8F9-717C-4657-91DD-BAEAB53ECC16",
"versionEndIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE60A415-91E3-4819-A252-E86A32EC3018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEF5203-9D6B-4431-BF0D-C81B1E250AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": tru