National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:openbsd:openssh:3.7.1p2
There are 44 matching records.
Displaying matches 41 through 44.
Vuln ID Summary CVSS Severity
CVE-2005-2798

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

Published: September 06, 2005; 01:03:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2005-2666

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

Published: August 23, 2005; 12:00:00 AM -04:00
    V2: 1.2 LOW
CVE-2004-2069

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-1653

The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.

Published: August 31, 2004; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM