National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): openssh
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 110 matching records.
Displaying matches 101 through 110.
Vuln ID Summary CVSS Severity

The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.

Published: September 27, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH

OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.

Published: August 14, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH

Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 4.0 MEDIUM

OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.

Published: June 19, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH

OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.

Published: June 12, 2000; 12:00:00 AM -04:00
V2: 5.0 MEDIUM

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

Published: June 08, 2000; 12:00:00 AM -04:00
V2: 10.0 HIGH

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.

Published: January 01, 1999; 12:00:00 AM -05:00
V2: 10.0 HIGH