openssh software vulnerabilities
vulnerabilities.aspcode.net
Searching openssh software vulnerabilities
A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
Software vulnerabilities results 1 to 20 of 34