CVE-2007-2063
https://notcve.org/view.php?id=CVE-2007-2063
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
• http://osvdb.org/34998
• http://secunia.com/advisories/24916
• http://securitytracker.com/id?1017913
• http://www.osvdb.org/35014
• http://www.securityfocus.com/bid/23508
• http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt
• http://www.vupen.com/english/advisories/2007/1414
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33699
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2006-5484
https://notcve.org/view.php?id=CVE-2006-5484
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
• http://secunia.com/advisories/22350
• http://securitytracker.com/id?1017060
• http://securitytracker.com/id?1017061
• http://www.kb.cert.org/vuls/id/845620
• http://www.ssh.com/company/news/2006/english/security/article/786
• http://www.vupen.com/english/advisories/2006/4032
CVE-2006-4315
https://notcve.org/view.php?id=CVE-2006-4315
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories.
• http://securitytracker.com/id?1016743
• http://www.securityfocus.com/bid/19679
• http://www.ssh.com/company/news/2006/english/security/article/775
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28566
CVE-2005-4310
https://notcve.org/view.php?id=CVE-2005-4310
SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials.
• http://secunia.com/advisories/18001
• http://securitytracker.com/id?1015368
• http://www.securityfocus.com/bid/15903
• http://www.ssh.com/company/newsroom/article/694
• http://www.vupen.com/english/advisories/2005/2929