U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:openbsd:openssh:3.9
There are 48 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2016-6515

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Published: August 07, 2016; 5:59:09 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

Published: April 30, 2016; 9:59:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-3115

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

Published: March 22, 2016; 6:59:02 AM -0400
V3.0: 6.4 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2015-6564

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

Published: August 23, 2015; 9:59:01 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2015-6563

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

Published: August 23, 2015; 9:59:00 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2015-5600

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

Published: August 02, 2015; 9:59:03 PM -0400
V3.x:(not available)
V2.0: 8.5 HIGH
CVE-2015-5352

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

Published: August 02, 2015; 9:59:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-2653

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.

Published: March 27, 2014; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

Published: March 18, 2014; 1:18:19 AM -0400
V3.0: 4.9 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2011-4327

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.

Published: February 02, 2014; 10:55:03 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-1692

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.

Published: January 29, 2014; 11:02:05 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-5107

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

Published: March 07, 2013; 3:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-5000

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

Published: April 05, 2012; 10:55:03 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2012-0814

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.

Published: January 27, 2012; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2010-4755

The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.

Published: March 02, 2011; 3:00:00 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

Published: December 06, 2010; 5:30:31 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-4109

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.

Published: September 18, 2008; 11:04:27 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-3259

OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.

Published: July 22, 2008; 12:41:00 PM -0400
V3.x:(not available)
V2.0: 1.2 LOW
CVE-2007-4752

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

Published: September 11, 2007; 9:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2243

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

Published: April 25, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM