sshd software vulnerabilities
vulnerabilities.aspcode.net
Searching sshd software vulnerabilities
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.
Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before Wednesday, March 22, 2006 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges.
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of Wednesday, November 08, 2006, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression.
fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address.
fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.
BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765.
DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301.
Software vulnerabilities results 1 to 14 of 14