CVE-2006-5052 – Kerberos information leak
https://notcve.org/view.php?id=CVE-2006-5052
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." Vulnerabilidad no especificada en OpenSSH portable anterior a 4.4, cuando funciona sobre algunas plataformas permite a un atacante remoto determinan la validación de los nombres de usuario a través de vectores desconocidos afectando a GSSAPI "aborto de validacion." • http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 http://openssh.org/txt/release-4.4 http://rhn.redhat.com/errata/RHSA-2006-0697.html http://secunia.com/advisories/22158 http://secunia.com/advisories/22173 http://secunia.com/advisories/22495 http://secunia.com/advisories/22823 http://secunia.com/advisories/24479 http://secunia.com& •
CVE-2006-4924 – OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-4924
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. sshd en OpenSSH en versiones anteriores a 4.4, cuando se utiliza la versión 1 del protocolo SSH, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un paquete SSH que contiene bloques duplicados, los cuales no se manejan correctamente por el detector de ataque de compensación CRC. • https://www.exploit-db.com/exploits/2444 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability http://bugs.gentoo.org/show_bug.cgi?id=148228 http://docs.info.apple.com/article.html?artnum=305214 http://itrc.hp.com/service/cki/docDisplay • CWE-399: Resource Management Errors •
CVE-2006-0883
https://notcve.org/view.php?id=CVE-2006-0883
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc http://bugzilla.mindrot.org/show_bug.cgi?id=839 http://securityreason.com/securityalert/520 http://securitytracker.com/id?1015706 http://www.osvdb.org/23797 http://www.securityfocus.com/bid/16892 http://www.vupen.com/english/advisories/2006/0805 https://exchange.xforce.ibmcloud.com/vulnerabilities/25116 • CWE-399: Resource Management Errors •
CVE-2006-0225 – local to local copy uses shell expansion twice
https://notcve.org/view.php?id=CVE-2006-0225
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. scp en OpenSSH 4.2p1 permite a atacantes ejecutar órdenes de su elección mediante nombres de ficheros que contienen metacaractéres o espacios, que son expandidos dos veces. • ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability http://docs.info.apple.com/article.html?artnum=305214 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://secunia.com/advisories/18579 http://secunia.com/advisories/18595 http: •
CVE-2005-2797
https://notcve.org/view.php?id=CVE-2005-2797
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt http://marc.info/?l=bugtraq&m=112605977304049&w=2 http://secunia.com/advisories/16686 http://secunia.com/advisories/18010 http://secunia.com/advisories/18661 http://secunia.com/advisories/19243 http://securitytracker.com/id?1014845 http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm http://www.mindrot.org/pipermai •