CVE-2006-5484
https://notcve.org/view.php?id=CVE-2006-5484
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. SSH Tectia Client/Server/Connector 5.1.0 y anteriores, Manager 2.2.0 y anteriores, y otros productos, al usar una clave RSA con exponente 3, borra el relleno PKCS-1 antes de generar un hash, lo cual permite a atacantes remotos forjar una firma PKCS #1 v1.5 que es firmada por esa clave RSA y evita que Tectia verifique correctamente certificados X.509 y otros certificados que usan PKCS #1, un asunto similar a CVE-2006-4339. • http://secunia.com/advisories/22350 http://securitytracker.com/id?1017060 http://securitytracker.com/id?1017061 http://www.kb.cert.org/vuls/id/845620 http://www.ssh.com/company/news/2006/english/security/article/786 http://www.vupen.com/english/advisories/2006/4032 •
CVE-2006-4315
https://notcve.org/view.php?id=CVE-2006-4315
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories. Vulnerabilidad de ruta no confiable en la búsqueda no literal de Windows en múltiples productos SSH de Tectia, incluyendo el Client/Server/Connector 5.0.0 y 5.0.1 y Client/Server anterior a 4.4.5, y Manager 2.12 y anteriores, cuando se ejecutan en Windows, podrían permitir a usuarios locales escalar privilegios mediante un archivo de programa malicioso en "Archivos de Programa" o sus subdirectorios. • http://securitytracker.com/id?1016743 http://www.securityfocus.com/bid/19679 http://www.ssh.com/company/news/2006/english/security/article/775 https://exchange.xforce.ibmcloud.com/vulnerabilities/28566 •
CVE-2005-2146
https://notcve.org/view.php?id=CVE-2005-2146
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server. • http://secunia.com/advisories/15894 http://www.ssh.com/company/newsroom/article/653 •