CVE-2007-2768
https://notcve.org/view.php?id=CVE-2007-2768
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. OpenSSH, cuando utiliza OPIE(One-Time Passwords in Everything) para PAM, permiet a atacantes remotos determinar la existencia de ciertas cuentas de usuarios, lo cual muestra una respuesta diferente si la cuenta de usuario existe y si está configurada para utilizar one-time passwords (OTP), un asunto similar es el CVE-2007-2243. • http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html http://www.osvdb.org/34601 https://security.netapp.com/advisory/ntap-20191107-0002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-2243 – OpenSSH s/key Weakness
https://notcve.org/view.php?id=CVE-2007-2243
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. OpenSSH 4.6 y anteriores, cuando ChallengeResponseAuthentication está habilitado, permite a atacantes remotos determinar la existencia de cuentas de usuario intentando autenticarse mediante S/KEY, lo cual muestra una respuesta diferente si la cuenta de usuario existe, un problema similar a CVE-2001-1483. OpenSSH, when configured to use S/KEY authentication, is prone to a remoteinformation disclosure weakness. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html http://securityreason.com/securityalert/2631 http://www.osvdb.org/34600 http://www.securityfocus.com/bid/23601 https://exchange.xforce.ibmcloud.com/vulnerabilities/33794 https://security.netapp.com/advisory/ntap-20191107-0003 • CWE-287: Improper Authentication •
CVE-2006-5794 – OpenSSH privilege separation flaw
https://notcve.org/view.php?id=CVE-2006-5794
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. Vulnerabilidad sin especificar en el sshd Privilege Separation Monitor en OpenSSH para versiones anteriores a la 4.5 que provoca una verificación más leve que la autenticación, y que podría permitir a atacantes remotos evitar la autenticación. NOTA: en el 20061108, se cree que es sólo explotada por el impulso de vulnerabilidades en un proceso sin privilegios, hasta ahora desconocidos. • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://rhn.redhat.com/errata/RHSA-2006-0738.html http://secunia.com/advisories/22771 http://secunia.com/advisories/22772 http://secunia.com/advisories/22773 http://secunia.com/advisories/22778 http://secunia.com/advisories/22814 http://secunia.com/advisories/22872 http://secunia.com/advisories/22932 http://secunia.com/advisories/23513 http://secunia.com/advisories/23680 http://secunia.com/advisories •
CVE-2006-5229 – Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack
https://notcve.org/view.php?id=CVE-2006-5229
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds. OpenSSH portable 4.1 en SUSE Linux, y posiblemente en otras plataformas y versiones, y posiblemente bajo configuraciones limitadas, permite a atacantes remotos determinar nombres de usuario válidos mediante discrepancias de tiempo en las cuales las respuestas tardan más para nombres de usuario válidos que para los inválidos, como ha sido demostrado por sshtime. NOTA: a fecha de 14/10/2006, parece que este problema depende del uso de contraseñas configuradas manualmente que provoca retrasos procesando /etc/shadow debido a un incremento en el número de rondas. • https://www.exploit-db.com/exploits/3303 http://secunia.com/advisories/25979 http://www.osvdb.org/32721 http://www.securityfocus.com/archive/1/448025/100/0/threaded http://www.securityfocus.com/archive/1/448108/100/0/threaded http://www.securityfocus.com/archive/1/448156/100/0/threaded http://www.securityfocus.com/archive/1/448702/100/0/threaded http://www.securityfocus.com/bid/20418 http://www.sybsecurity.com/hack-proventia-1.pdf http://www.vupen.com/english • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-4925
https://notcve.org/view.php?id=CVE-2006-4925
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL. packet.c en ssh en OpenSSH permite a atacantes remotos provocar una denegación de servicio (caída) mediante el envío de una secuencia de protocolo inválida con USERAUTH_SUCCESS antes de NEWKEYS, lo que provoca que newkeys[mode] sea nulo (NULL). • http://bugs.gentoo.org/show_bug.cgi?id=148228 http://secunia.com/advisories/22245 http://secunia.com/advisories/22298 http://secunia.com/advisories/22495 http://secunia.com/advisories/23038 http://www.mandriva.com/security/advisories?name=MDKSA-2006:179 http://www.novell.com/linux/security/advisories/2006_24_sr.html http://www.novell.com/linux/security/advisories/2006_62_openssh.html http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144&r2=1& •