CVE-2008-1483 – openssh may set DISPLAY even if it's unable to listen on respective port
https://notcve.org/view.php?id=CVE-2008-1483
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29522 http://secunia.com/adviso
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2007-3102 – audit logging of failed logins
https://notcve.org/view.php?id=CVE-2007-3102
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
• http://osvdb.org/39214 http://secunia.com/advisories/27235 http://secunia.com/advisories/27588 http://secunia.com/advisories/27590 http://secunia.com/advisories/28319 http://secunia.com/advisories/28320 http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm http://www.redhat.com/support/errata/RHSA-2007-0540.html http://www.redhat.com/support/errata/RHSA-2007-0555.html http://www.redhat.com/support/
CVE-2007-4752 – openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails
https://notcve.org/view.php?id=CVE-2007-4752
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
• http://bugs.gentoo.org/show_bug.cgi?id=191321 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://secunia.com/advisories/27399 http://secunia.com/advisories/29420 http://secunia.com/advisories/30249 http://secunia.com/advisories/31575 http://secunia.
• CWE-20: Improper Input Validation
CVE-2007-4654
https://notcve.org/view.php?id=CVE-2007-4654
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.
• http://osvdb.org/45873 http://securityreason.com/securityalert/3091 http://www.securityfocus.com/archive/1/478165/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/44542
• CWE-399: Resource Management Errors
CVE-2007-2243 – OpenSSH s/key Weakness
https://notcve.org/view.php?id=CVE-2007-2243
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. OpenSSH, when configured to use S/KEY authentication, is prone to a remote information disclosure weakness.
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html http://securityreason.com/securityalert/2631 http://www.osvdb.org/34600 http://www.securityfocus.com/bid/23601 https://exchange.xforce.ibmcloud.com/vulnerabilities/33794 https://security.netapp.com/advisory/ntap-20191107-0003
• CWE-287: Improper Authentication