ssh 1 software vulnerabilities
vulnerabilities.aspcode.net
Searching ssh 1 software vulnerabilities
In some instances of SSH 1.2.27 and 2.0.11 on L
instances
|
some
|
SSH
|
In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login.
An SSH server allows authentication through the
authentication
|
through
|
rhosts
|
server
|
allows
|
file
|
SSH
|
An SSH server allows authentication through the .rhosts file.
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.
version
|
daemon
|
SSH
|
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
The SSH protocols 1 and 2 (aka SSH-2) as implem
protocols
|
SSH
|
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
Information leaks in Cisco VPN 3000 Concentrato
Information
|
Cisco
|
leaks
|
VPN
|
Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request.
SSH 1 through 3, and possibly other versions, a
world-writeable
|
restricted
|
directory
|
uploading
|
executing
|
possibly
|
versions
|
through
|
normal
|
access
|
script
|
shells
|
bypass
|
allows
|
local
|
other
|
shell
|
rbash
|
users
|
gain
|
such
|
rksh
|
then
|
SSH
|
SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 an
VanDyke
|
clients
|
SSH2
|
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Race condition in SSH Tectia Server 4.0.3 and 4
condition
|
Tectia
|
Server
|
Race
|
SSH
|
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
The URI handlers in Konqueror for KDE 3.2.2 and
Konqueror
|
handlers
|
KDE
|
URI
|
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
libsvn_ra_svn in Subversion 1.0.4 trusts the le
libsvn_ra_svn
|
Subversion
|
libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
Argument injection vulnerability in the SSH URI
vulnerability
|
injection
|
Argument
|
handler
|
Safari
|
Mac
|
SSH
|
URI
|
Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.
Cisco CatOS 5.x before 5.5(20) through 8.x befo
before
|
CatOS
|
Cisco
|
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack."
Secure Shell (SSH) 2 in Cisco IOS 12.0 through
Secure
|
Shell
|
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data.
SSH Tectia Server 4.3.1 and earlier, and SSH Se
Server
|
Tectia
|
SSH
|
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
Format string vulnerability in a logging functi
vulnerability
|
including
|
function
|
various
|
servers
|
logging
|
string
|
Format
|
used
|
SFTP
|
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
sshd in OpenSSH before 4.4, when using the vers
attackers
|
protocol
|
version
|
OpenSSH
|
service
|
remote
|
denial
|
allows
|
before
|
using
|
cause
|
sshd
|
SSH
|
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
SSH Tectia Client/Server/Connector 5.1.0 and ea
Client/Server/Connector
|
Tectia
|
SSH
|
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
Buffer overflow in the Ne7sshSftp::addOpenHandl
overflow
|
Buffer
|
Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations.
SSH Tectia Server for IBM z/OS before 5.4.0 use
Server
|
before
|
Tectia
|
z/OS
|
SSH
|
IBM
|
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
BlockHosts before 2.0.4 does not properly parse
BlockHosts
|
before
|
BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765.
Software vulnerabilities results 1 to 20 of 5606
Page:
1
2
3
4
5
...
281
►