Filtered by vendor Openbsd Subscriptions
Filtered by product Openssh Subscriptions
Total 114 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-1657 1 Openbsd 1 Openssh 2024-11-21 N/A
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
CVE-2008-1483 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
CVE-2007-4752 2 Openbsd, Redhat 3 Openssh, Enterprise Linux, Rhel Eus 2024-11-21 N/A
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
CVE-2007-4654 3 Cisco, Openbsd, Teamf1 4 Content Services Switch 11000, Webns, Openssh and 1 more 2024-11-21 N/A
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.
CVE-2007-3102 3 Fedora Project, Openbsd, Redhat 3 Fedora Core, Openssh, Enterprise Linux 2024-11-21 N/A
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
CVE-2007-2768 2 Netapp, Openbsd 5 Hci Management Node, Hci Storage Node, Solidfire and 2 more 2024-11-21 N/A
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
CVE-2007-2243 1 Openbsd 1 Openssh 2024-11-21 N/A
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
CVE-2006-5794 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
CVE-2006-5229 2 Novell, Openbsd 2 Suse Linux, Openssh 2024-11-21 N/A
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
CVE-2006-5052 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
CVE-2006-5051 4 Apple, Debian, Openbsd and 1 more 5 Mac Os X, Mac Os X Server, Debian Linux and 2 more 2024-11-21 8.1 High
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
CVE-2006-4925 1 Openbsd 1 Openssh 2024-11-21 N/A
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
CVE-2006-4924 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
CVE-2006-0883 2 Freebsd, Openbsd 2 Freebsd, Openssh 2024-11-21 N/A
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
CVE-2006-0225 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
CVE-2005-2798 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
CVE-2005-2797 1 Openbsd 1 Openssh 2024-11-21 N/A
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
CVE-2005-2666 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
CVE-2004-2760 1 Openbsd 1 Openssh 2024-11-21 N/A
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.
CVE-2004-2069 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).