Search Results
- CPE Product Version: cpe:/a:openbsd:openssh:2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-6515 | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. Published: August 07, 2016; 5:59:09 PM -0400 | V3.0: 7.5 HIGH; V2.0: 7.8 HIGH |
CVE-2015-8325 | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. Published: April 30, 2016; 9:59:00 PM -0400 | V3.0: 7.8 HIGH; V2.0: 7.2 HIGH |
CVE-2016-3115 | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Published: March 22, 2016; 6:59:02 AM -0400 | V3.0: 6.4 MEDIUM; V2.0: 5.5 MEDIUM |
CVE-2015-6564 | Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. Published: August 23, 2015; 9:59:01 PM -0400 | V3.x: (not available); V2.0: 6.9 MEDIUM |
CVE-2015-6563 | The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. Published: August 23, 2015; 9:59:00 PM -0400 | V3.x: (not available); V2.0: 1.9 LOW |
CVE-2015-5600 | The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. Published: August 02, 2015; 9:59:03 PM -0400 | V3.x: (not available); V2.0: 8.5 HIGH |
CVE-2015-5352 | The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. Published: August 02, 2015; 9:59:01 PM -0400 | V3.x: (not available); V2.0: 4.3 MEDIUM |
CVE-2014-2653 | The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. Published: March 27, 2014; 6:55:04 AM -0400 | V3.x: (not available); V2.0: 5.8 MEDIUM |
CVE-2014-2532 | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Published: March 18, 2014; 1:18:19 AM -0400 | V3.0: 4.9 MEDIUM; V2.0: 5.8 MEDIUM |
CVE-2011-4327 | ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. Published: February 02, 2014; 10:55:03 PM -0500 | V3.x: (not available); V2.0: 2.1 LOW |
CVE-2014-1692 | The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition. Published: January 29, 2014; 11:02:05 AM -0500 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2010-5107 | The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. Published: March 07, 2013; 3:55:01 PM -0500 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2011-5000 | The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. Published: April 05, 2012; 10:55:03 AM -0400 | V3.x: (not available); V2.0: 3.5 LOW |
CVE-2012-0814 | The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. Published: January 27, 2012; 2:55:01 PM -0500 | V3.x: (not available); V2.0: 3.5 LOW |
CVE-2010-4755 | The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. Published: March 02, 2011; 3:00:00 PM -0500 | V3.x: (not available); V2.0: 4.0 MEDIUM |
CVE-2010-4478 | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. Published: December 06, 2010; 5:30:31 PM -0500 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2008-4109 | A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. Published: September 18, 2008; 11:04:27 AM -0400 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2008-3259 | OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. Published: July 22, 2008; 12:41:00 PM -0400 | V3.x: (not available); V2.0: 1.2 LOW |
CVE-2007-4752 | ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. Published: September 11, 2007; 9:17:00 PM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2006-5794 | Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. Published: November 08, 2006; 3:07:00 PM -0500 | V3.x: (not available); V2.0: 7.5 HIGH |