National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): openssh
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 110 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2007-4752

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

Published: September 11, 2007; 09:17:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-4654

Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.

Published: September 04, 2007; 06:17:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2007-2768

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

Published: May 21, 2007; 04:30:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2007-2243

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

Published: April 25, 2007; 12:19:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2007-0726

The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.

Published: March 13, 2007; 06:19:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2006-5794

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

Published: November 08, 2006; 03:07:00 PM -05:00
V2: 7.5 HIGH
CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.

Published: October 10, 2006; 07:07:00 PM -04:00
V2: 2.6 LOW
CVE-2006-4925

packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.

Published: September 28, 2006; 08:07:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2006-5051

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 9.3 HIGH
CVE-2006-5052

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2006-4924

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

Published: September 26, 2006; 09:07:00 PM -04:00
V2: 7.8 HIGH
CVE-2006-0393

OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.

Published: August 02, 2006; 09:04:00 PM -04:00
V2: 4.0 MEDIUM
CVE-2006-0883

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

Published: March 06, 2006; 09:02:00 PM -05:00
V2: 5.0 MEDIUM
CVE-2006-0225

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

Published: January 25, 2006; 06:03:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2005-2797

OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.

Published: September 06, 2005; 01:03:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2005-2798

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

Published: September 06, 2005; 01:03:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2005-2666

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

Published: August 23, 2005; 12:00:00 AM -04:00
V2: 1.2 LOW
CVE-2004-2069

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-2414

Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2004-2760

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 6.8 MEDIUM