CVE-2006-5229 – Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack
https://notcve.org/view.php?id=CVE-2006-5229
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds. OpenSSH portable 4.1 en SUSE Linux, y posiblemente en otras plataformas y versiones, y posiblemente bajo configuraciones limitadas, permite a atacantes remotos determinar nombres de usuario válidos mediante discrepancias de tiempo en las cuales las respuestas tardan más para nombres de usuario válidos que para los inválidos, como ha sido demostrado por sshtime. NOTA: a fecha de 14/10/2006, parece que este problema depende del uso de contraseñas configuradas manualmente que provoca retrasos procesando /etc/shadow debido a un incremento en el número de rondas. • https://www.exploit-db.com/exploits/3303 http://secunia.com/advisories/25979 http://www.osvdb.org/32721 http://www.securityfocus.com/archive/1/448025/100/0/threaded http://www.securityfocus.com/archive/1/448108/100/0/threaded http://www.securityfocus.com/archive/1/448156/100/0/threaded http://www.securityfocus.com/archive/1/448702/100/0/threaded http://www.securityfocus.com/bid/20418 http://www.sybsecurity.com/hack-proventia-1.pdf http://www.vupen.com/english • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-4925
https://notcve.org/view.php?id=CVE-2006-4925
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL. packet.c en ssh en OpenSSH permite a atacantes remotos provocar una denegación de servicio (caída) mediante el envío de una secuencia de protocolo inválida con USERAUTH_SUCCESS antes de NEWKEYS, lo que provoca que newkeys[mode] sea nulo (NULL). • http://bugs.gentoo.org/show_bug.cgi?id=148228 http://secunia.com/advisories/22245 http://secunia.com/advisories/22298 http://secunia.com/advisories/22495 http://secunia.com/advisories/23038 http://www.mandriva.com/security/advisories?name=MDKSA-2006:179 http://www.novell.com/linux/security/advisories/2006_24_sr.html http://www.novell.com/linux/security/advisories/2006_62_openssh.html http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144&r2=1& •
CVE-2006-5051 – unsafe GSSAPI signal handler
https://notcve.org/view.php?id=CVE-2006-5051
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especificados que conducen a una doble liberación. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 http://openssh.org/txt/release-4.4 http://secunia.com/advisories& • CWE-415: Double Free •
CVE-2006-5052 – Kerberos information leak
https://notcve.org/view.php?id=CVE-2006-5052
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." Vulnerabilidad no especificada en OpenSSH portable anterior a 4.4, cuando funciona sobre algunas plataformas permite a un atacante remoto determinan la validación de los nombres de usuario a través de vectores desconocidos afectando a GSSAPI "aborto de validacion." • http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 http://openssh.org/txt/release-4.4 http://rhn.redhat.com/errata/RHSA-2006-0697.html http://secunia.com/advisories/22158 http://secunia.com/advisories/22173 http://secunia.com/advisories/22495 http://secunia.com/advisories/22823 http://secunia.com/advisories/24479 http://secunia.com& •
CVE-2006-4924 – OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-4924
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. sshd en OpenSSH en versiones anteriores a 4.4, cuando se utiliza la versión 1 del protocolo SSH, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un paquete SSH que contiene bloques duplicados, los cuales no se manejan correctamente por el detector de ataque de compensación CRC. • https://www.exploit-db.com/exploits/2444 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability http://bugs.gentoo.org/show_bug.cgi?id=148228 http://docs.info.apple.com/article.html?artnum=305214 http://itrc.hp.com/service/cki/docDisplay • CWE-399: Resource Management Errors •