CVE-2008-3259
https://notcve.org/view.php?id=CVE-2008-3259
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. • http://openssh.com/security.html http://secunia.com/advisories/31179 http://www.openssh.com/txt/release-5.1 http://www.securityfocus.com/bid/30339 http://www.securitytracker.com/id?1020537 http://www.vupen.com/english/advisories/2008/2148 https://exchange.xforce.ibmcloud.com/vulnerabilities/43940 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-3234 – Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. • https://www.exploit-db.com/exploits/6094 http://www.securityfocus.com/bid/30276 https://exchange.xforce.ibmcloud.com/vulnerabilities/44037 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-1657
https://notcve.org/view.php?id=CVE-2008-1657
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29602 http://secunia.com/advisories/29609 http://secunia.com/advisories/29683 http://secunia.com/advisories/29693 http://secunia.com/advisories/29735 http://s • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-1483 – openssh may set DISPLAY even if it's unable to listen on respective port
https://notcve.org/view.php?id=CVE-2008-1483
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29522 http://secunia.com/adviso • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-3102 – audit logging of failed logins
https://notcve.org/view.php?id=CVE-2007-3102
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. • http://osvdb.org/39214 http://secunia.com/advisories/27235 http://secunia.com/advisories/27588 http://secunia.com/advisories/27590 http://secunia.com/advisories/28319 http://secunia.com/advisories/28320 http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm http://www.redhat.com/support/errata/RHSA-2007-0540.html http://www.redhat.com/support/errata/RHSA-2007-0555.html http://www.redhat.com/support/ •