ssh software vulnerabilities
vulnerabilities.aspcode.net
Searching ssh software vulnerabilities
In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login.
An SSH server allows authentication through the .rhosts file.
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated.
Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1.0 and 1.10, allows authenticated users with Telnet, SSH, or console access to conduct unauthorized activities.
SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.
SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets.
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors.
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys.
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login.
SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials.
The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges.
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.
Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability.
Software vulnerabilities results 1 to 20 of 83