National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): openssh
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 106 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2007-0726

The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.

Published: March 13, 2007; 06:19:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2006-5794

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

Published: November 08, 2006; 03:07:00 PM -05:00
V2: 7.5 HIGH
CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.

Published: October 10, 2006; 07:07:00 PM -04:00
V2: 2.6 LOW
CVE-2006-4925

packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.

Published: September 28, 2006; 08:07:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2006-5051

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 9.3 HIGH
CVE-2006-5052

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

Published: September 27, 2006; 07:07:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2006-4924

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

Published: September 26, 2006; 09:07:00 PM -04:00
V2: 7.8 HIGH
CVE-2006-0393

OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.

Published: August 02, 2006; 09:04:00 PM -04:00
V2: 4.0 MEDIUM
CVE-2006-0883

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

Published: March 06, 2006; 09:02:00 PM -05:00
V2: 5.0 MEDIUM
CVE-2006-0225

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

Published: January 25, 2006; 06:03:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2005-2797

OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.

Published: September 06, 2005; 01:03:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2005-2798

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

Published: September 06, 2005; 01:03:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2005-2666

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

Published: August 23, 2005; 12:00:00 AM -04:00
V2: 1.2 LOW
CVE-2004-2069

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-2414

Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2004-2760

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 6.8 MEDIUM
CVE-2004-1653

The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.

Published: August 31, 2004; 12:00:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2004-0175

Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.

Published: August 18, 2004; 12:00:00 AM -04:00
V2: 4.3 MEDIUM
CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.

Published: December 31, 2003; 12:00:00 AM -05:00
V2: 7.6 HIGH
CVE-2003-0786

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.

Published: November 17, 2003; 12:00:00 AM -05:00
V2: 10.0 HIGH