CVE-2001-1029 – FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading
https://notcve.org/view.php?id=CVE-2001-1029
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. • https://www.exploit-db.com/exploits/21114 http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html http://www.osvdb.org/6073 https://exchange.xforce.ibmcloud.com/vulnerabilities/8697 •
CVE-2001-0529
https://notcve.org/view.php?id=CVE-2001-0529
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431 http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01 http://online.securityfocus.com/archive/1/188737 http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt http://www.k •
CVE-2001-0572
https://notcve.org/view.php?id=CVE-2001-0572
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. • http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000391 http://www.kb.cert.org/vuls/id/596827 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3 http://www.redhat.com/support/errata/RHSA-2001-033.html •
CVE-2001-0361
https://notcve.org/view.php?id=CVE-2001-0361
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc http://marc.info/?l=bugtraq&m=98158450021686&w=2 http://www.ciac.org/ciac/bulletins/l-047.shtml http://www.debian.org/security/2001/dsa-023 http://www.debian.org/security/2001/dsa-027 http://www.debian.org/security/2001/dsa-086 http://www.novell.com/linux/security/advisories/adv004_ssh.html http://www.osvdb.org/2116 http://www.securityfocus.com/bid/2344 https://exchange.xforce& • CWE-310: Cryptographic Issues •
CVE-2001-1459
https://notcve.org/view.php?id=CVE-2001-1459
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. • http://marc.info/?l=bugtraq&m=99324968918628&w=2 http://www.kb.cert.org/vuls/id/797027 http://www.securityfocus.com/bid/2917 https://exchange.xforce.ibmcloud.com/vulnerabilities/6757 •