CVSS: 5.0EPSS: 7%CPEs: 133EXPL: 0CVE-2008-4109
https://notcve.org/view.php?id=CVE-2008-4109
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. Cierto parche de Debian para OpenSSH en versiones anteriores a 4.3p2-9etch3 en etch, y versiones anteriores a 4.6p1-1 en sid y lenny, que utiliza funciones que no son señales asíncronas seguras (async-signal-safe) en el gestor de señales para los tiempos de autentificado, el cual permite a los atacantes remotos causar una denegación de servicio (agotamiento de la ranura de conexión) a través de múltiples intentos de autenticación. NOTA: esto existe por una incorrecta solución de CVE-2006-5051. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html http://secunia.com/advisories/31885 http://secunia.com/advisories/32080 http://secunia.com/advisories/32181 http://www.debian.org/security/2008/dsa-1638 http://www.openwall.com/lists/oss-security/2024/07/01/3 http://www.securitytracker.com/id?1020891 http://www.ubuntu.com/usn/usn-649-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/4520 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 1.2EPSS: 0%CPEs: 71EXPL: 0CVE-2008-3259
https://notcve.org/view.php?id=CVE-2008-3259
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. OpenSSH anterior a 5.1 activa la opción del socket SO_REUSEADDR cuando la configuración X11UseLocalhost está desactivada, lo que permite a usuarios locales en determinadas plataformas, secuestrar el puerto de reenvío X11 a través de una única dirección IP como se ha demostrado sobre la plataforma HP-UX. • http://openssh.com/security.html http://secunia.com/advisories/31179 http://www.openssh.com/txt/release-5.1 http://www.securityfocus.com/bid/30339 http://www.securitytracker.com/id?1020537 http://www.vupen.com/english/advisories/2008/2148 https://exchange.xforce.ibmcloud.com/vulnerabilities/43940 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 2CVE-2008-3234 – Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. sshd en OpenSSH 4 sobre Debian GNU/Linux, y el OpenSSH Snapshot 20070303, permiten que usuarios remotos autenticados obtener acceso a roles de usuario SELinux arbitrarios añadiendo al nombre de usuario una secuencia :/ (dos puntos - barra), seguido por el nombre del rol de usuario que se desee. • https://www.exploit-db.com/exploits/6094 http://www.securityfocus.com/bid/30276 https://exchange.xforce.ibmcloud.com/vulnerabilities/44037 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2008-1657
https://notcve.org/view.php?id=CVE-2008-1657
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. OpenSSH versión 4.4 anterior a 4.9, permite a los usuarios autenticados remotos omitir la directiva ForceCommand de sshd_config mediante la modificación del archivo de sesión .ssh/rc. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29602 http://secunia.com/advisories/29609 http://secunia.com/advisories/29683 http://secunia.com/advisories/29693 http://secunia.com/advisories/29735 http://s • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1483 – openssh may set DISPLAY even if it's unable to listen on respective port
https://notcve.org/view.php?id=CVE-2008-1483
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. OpenSSH 4.3p2 y probablemente otras versiones, permite a usuarios locales secuestrar conexiones X enviadas provocando que ssh ponga DISPLAY a :10, incluso cuando otro proceso está escuchando en el puerto asociado, como se demostró abriendo el puerto TCp 6010 (IPv4) y escaneando una cookie enviada por Emacs. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29522 http://secunia.com/adviso • CWE-264: Permissions, Privileges, and Access Controls •