Attacker Value
Unknown
CVE-2008-4109
Disclosure Date: September 18, 2008 (last updated October 04, 2023)
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
Attacker Value
Unknown
CVE-2008-3844
Disclosure Date: August 27, 2008 (last updated October 04, 2023)
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
Attacker Value
Unknown
CVE-2008-3259
Disclosure Date: July 22, 2008 (last updated October 04, 2023)
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
Attacker Value
Unknown
CVE-2008-3234
Disclosure Date: July 18, 2008 (last updated October 04, 2023)
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
Attacker Value
Unknown
CVE-2008-1657
Disclosure Date: April 02, 2008 (last updated October 04, 2023)
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Attacker Value
Unknown
CVE-2008-1483
Disclosure Date: March 24, 2008 (last updated October 04, 2023)
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Attacker Value
Unknown
CVE-2007-3102
Disclosure Date: October 18, 2007 (last updated October 04, 2023)
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
Attacker Value
Unknown
CVE-2007-4654
Disclosure Date: September 04, 2007 (last updated October 04, 2023)
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.
Attacker Value
Unknown
CVE-2007-2768
Disclosure Date: May 21, 2007 (last updated October 04, 2023)
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
Attacker Value
Unknown
CVE-2007-2243
Disclosure Date: April 25, 2007 (last updated October 04, 2023)
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.