Page 14 of 101 results (0.007 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. • http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.html http://securityreason.com/securityalert/4100 http://www.securityfocus.com/archive/1/360198 • CWE-16: Configuration •

CVSS: 5.0EPSS: 7%CPEs: 2EXPL: 0

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). • http://marc.info/?l=openssh-unix-dev&m=107520317020444&w=2 http://marc.info/?l=openssh-unix-dev&m=107529205602320&w=2 http://rhn.redhat.com/errata/RHSA-2005-550.html http://secunia.com/advisories/17000 http://secunia.com/advisories/17135 http://secunia.com/advisories/17252 http://secunia.com/advisories/22875 http://secunia.com/advisories/23680 http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf •

CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 0

The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. • http://marc.info/?l=bugtraq&m=109413637313484&w=2 http://securitytracker.com/id?1011143 http://www.osvdb.org/9562 https://exchange.xforce.ibmcloud.com/vulnerabilities/17213 https://security.netapp.com/advisory/ntap-20191107-0001 •

CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0

Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. Vulnerabilidad de atravesamiento de directorios en scp de OpenSSH anteriores a 3.4p1 permite a servidores remotos maliciosos sobreescribir ficheros de su eleccion. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831 http://secunia.com/advisories/17135 http://secunia.com/advisories/19243 http://www.ciac.org/ciac/bulletins/o-212.shtml http://www.juniper.net/support/security/alerts/adv59739.txt http://www.mandriva.com/security/advisories?name=MDKSA-2005:100 http://www.mandriva.com/security/advisories?name=MDVSA-2008:191 http://www.novell.com/linux/s • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.6EPSS: 1%CPEs: 45EXPL: 0

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747 http://www.securityfocus.com/archive/1/320153 http://www.securityfocus.com/archive/1/320302 http://www.securityfocus.com/archive/1/320440 http://www.securityfocus.com/bid/7482 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •