CVE-2005-2797
https://notcve.org/view.php?id=CVE-2005-2797
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt http://marc.info/?l=bugtraq&m=112605977304049&w=2 http://secunia.com/advisories/16686 http://secunia.com/advisories/18010 http://secunia.com/advisories/18661 http://secunia.com/advisories/19243 http://securitytracker.com/id?1014845 http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm http://www.mindrot.org/pipermai •
CVE-2005-2798
https://notcve.org/view.php?id=CVE-2005-2798
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/16686 http://secunia.com/advisories/17077 http://secunia.com/advisories/17245 http://secunia.com/advisories/18010 http://secunia.com/advisories/18406 http://secunia.com/advisories/18507 http://secunia.com/advisories/18661 http://secunia.com/advisories/18717 http://securitytracker.com/id?1014845 http: •
CVE-2005-2666 – openssh vulnerable to known_hosts address harvesting
https://notcve.org/view.php?id=CVE-2005-2666
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt http://nms.csail.mit.edu/projects/ssh http://secunia.com/advisories/19243 http://secunia.com/advisories/25098 http://www.eweek.com/article2/0%2C1759%2C1815795%2C00.asp http://www.redhat.com/support/errata/RHSA-2007-0257.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10201 https://access.redhat.com/security/cve/CVE-2005-2666 https://bugzilla.redhat.com/show • CWE-255: Credentials Management Errors •
CVE-2004-2760
https://notcve.org/view.php?id=CVE-2004-2760
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. • http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.html http://securityreason.com/securityalert/4100 http://www.securityfocus.com/archive/1/360198 • CWE-16: Configuration •
CVE-2004-2069
https://notcve.org/view.php?id=CVE-2004-2069
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). • http://marc.info/?l=openssh-unix-dev&m=107520317020444&w=2 http://marc.info/?l=openssh-unix-dev&m=107529205602320&w=2 http://rhn.redhat.com/errata/RHSA-2005-550.html http://secunia.com/advisories/17000 http://secunia.com/advisories/17135 http://secunia.com/advisories/17252 http://secunia.com/advisories/22875 http://secunia.com/advisories/23680 http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf •