CVE-2015-5352 – openssh: XSECURITY restrictions bypass under certain conditions in ssh(1)
https://notcve.org/view.php?id=CVE-2015-5352
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.
It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.
• http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
  http://openwall.com/lists/oss-security/2015/07/01/10
  http://rhn.redhat.com/errata/RHSA-2016-0741.html
  http://www.openssh.com/txt/release-6.9
  http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
  http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
  http://www.securityfocus.com/bid/75525
  http://www.securitytracker.com/id/1032797
  http://www.ubuntu.com/usn
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-9424
https://notcve.org/view.php?id=CVE-2014-9424
Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake.
• https://code.google.com/p/google-security-research/issues/detail?id=202
  https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0
CVE-2014-7250
https://notcve.org/view.php?id=CVE-2014-7250
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.
• http://jvn.jp/en/jp/JVN07930208/index.html
  http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243
• CWE-399: Resource Management Errors
CVE-2014-9278 – openssh: ~/.k5users unexpectedly grants remote login
https://notcve.org/view.php?id=CVE-2014-9278
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions.
• http://rhn.redhat.com/errata/RHSA-2015-0425.html
  http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855
  http://www.openwall.com/lists/oss-security/2014/12/02/3
  http://www.openwall.com/lists/oss-security/2014/12/04/17
  http://www.securityfocus.com/bid/71420
  https://bugzilla.mindrot.org/show_bug.cgi?id=1867
  https://bugzilla.redhat.com/show_bug.cgi?id=1169843
  https://exchange.xforce.ibmcloud.com/vulnerabilities/99090
  https://access.redhat.com/security/cve/CVE
• CWE-287: Improper Authentication
CVE-2013-2125
https://notcve.org/view.php?id=CVE-2013-2125
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.
• http://git.zx2c4.com/OpenSMTPD/commit/?id=38b26921bad5fe24ad747bf9d591330d683728b0
  http://osvdb.org/93495
  http://seclists.org/oss-sec/2013/q2/362
  http://seclists.org/oss-sec/2013/q2/366
  http://secunia.com/advisories/53353
  https://exchange.xforce.ibmcloud.com/vulnerabilities/84388
• CWE-310: Cryptographic Issues