CVE-2006-0225 – local to local copy uses shell expansion twice
https://notcve.org/view.php?id=CVE-2006-0225
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. scp en OpenSSH 4.2p1 permite a atacantes ejecutar órdenes de su elección mediante nombres de ficheros que contienen metacaractéres o espacios, que son expandidos dos veces. • ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability http://docs.info.apple.com/article.html?artnum=305214 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://secunia.com/advisories/18579 http://secunia.com/advisories/18595 http: •
CVE-2005-2797
https://notcve.org/view.php?id=CVE-2005-2797
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt http://marc.info/?l=bugtraq&m=112605977304049&w=2 http://secunia.com/advisories/16686 http://secunia.com/advisories/18010 http://secunia.com/advisories/18661 http://secunia.com/advisories/19243 http://securitytracker.com/id?1014845 http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm http://www.mindrot.org/pipermai •
CVE-2005-2798
https://notcve.org/view.php?id=CVE-2005-2798
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/16686 http://secunia.com/advisories/17077 http://secunia.com/advisories/17245 http://secunia.com/advisories/18010 http://secunia.com/advisories/18406 http://secunia.com/advisories/18507 http://secunia.com/advisories/18661 http://secunia.com/advisories/18717 http://securitytracker.com/id?1014845 http: •
CVE-2005-2666 – openssh vulnerable to known_hosts address harvesting
https://notcve.org/view.php?id=CVE-2005-2666
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt http://nms.csail.mit.edu/projects/ssh http://secunia.com/advisories/19243 http://secunia.com/advisories/25098 http://www.eweek.com/article2/0%2C1759%2C1815795%2C00.asp http://www.redhat.com/support/errata/RHSA-2007-0257.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10201 https://access.redhat.com/security/cve/CVE-2005-2666 https://bugzilla.redhat.com/show • CWE-255: Credentials Management Errors •
CVE-2004-2760
https://notcve.org/view.php?id=CVE-2004-2760
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. • http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.html http://securityreason.com/securityalert/4100 http://www.securityfocus.com/archive/1/360198 • CWE-16: Configuration •