CVSS: 5.3EPSS: 3%CPEs: 56EXPL: 0CVE-2018-20685 – openssh: scp client improper directory name validation
https://notcve.org/view.php?id=CVE-2018-20685
10 Jan 2019 — In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo "." o un nombre de archivo vacío. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente. Many ... • http://www.securityfocus.com/bid/106531 • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 1%CPEs: 7EXPL: 0CVE-2018-15919
https://notcve.org/view.php?id=CVE-2018-15919
28 Aug 2018 — Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' Un comportamiento observable de forma remota en auth-gss2.c en OpenSSH hasta la versión 7.8 podría ser empleado por atacantes remotos para detectar la existencia de usuarios en un sistem... • http://seclists.org/oss-sec/2018/q3/180 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 90%CPEs: 32EXPL: 41CVE-2018-15473 – OpenSSH < 7.7 - User Enumeration
https://notcve.org/view.php?id=CVE-2018-15473
17 Aug 2018 — OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto e... • https://packetstorm.news/files/id/181223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2016-10708 – openssh: Out of sequence NEWKEYS message can allow remote attacker to cause denial of service
https://notcve.org/view.php?id=CVE-2016-10708
21 Jan 2018 — sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. sshd en OpenSSH, en versiones anteriores a la 7.4, permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del demonio) mediante un mensaje NEWKEYS fuera de secuencia, tal y como demuestra Honggfuzz, relacionado con kex.c y p... • http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 2%CPEs: 28EXPL: 0CVE-2017-15906 – openssh: Improper write operations in readonly mode allow for zero-length file creation
https://notcve.org/view.php?id=CVE-2017-15906
26 Oct 2017 — The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. La función process_open en sftp-server.c en OpenSSH, en versiones anteriores a la 7.6, no evita correctamente las operaciones de escritura en el modo readonly, lo que permite que los atacantes creen archivos de longitud cero. Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote a... • http://www.securityfocus.com/bid/101552 • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10011 – openssh: Leak of host private key material to privilege-separated child process via realloc()
https://notcve.org/view.php?id=CVE-2016-10011
25 Dec 2016 — authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. authfile.c en sshd en OpenSSH en versiones anteriores a 7.4 no considera apropiadamente los efectos de realloc en el contenido de búfer, lo que podría permitir a usuarios locales obtener información sensible de clave privada aprovechando el acceso a un subproceso se... • http://www.openwall.com/lists/oss-security/2016/12/19/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-320: Key Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10012 – openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support
https://notcve.org/view.php?id=CVE-2016-10012
25 Dec 2016 — The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. El administrador de memoria compartida (asociado con la compresión de pre-autenticación) en sshd en OpenSSH en versiones anteriores a 7.4 no asegura que una verificación de l... • http://www.openwall.com/lists/oss-security/2016/12/19/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3CVE-2016-10009 – OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading
https://notcve.org/view.php?id=CVE-2016-10009
23 Dec 2016 — Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. Vulnerabilidad de ruta de búsqueda no confiable en ssh-agent.c en ssh-agent en OpenSSH en versiones anteriores a 7.4 permite a atacantes remotos ejecutar modulos locales PKCS#11 arbitrarios aprovechando el control sobre un agent-socket reenviado. It was found that ssh-agent could load PKCS#11 modules from... • https://packetstorm.news/files/id/173661 • CWE-426: Untrusted Search Path •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10010 – OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-10010
23 Dec 2016 — sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. sshd en OpenSSH en versiones anteriores a 7.4, cuando no se utiliza la separación de privilegios, crea Unix-domain sockets reenviados como root, lo que podría permitir a usuarios locales obtener privilegios a través de vectores no especificados, relacionado con serverloop.c. The ssh-agent(1) agent ... • https://packetstorm.news/files/id/140262 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 59%CPEs: 6EXPL: 1CVE-2016-8858 – Gentoo Linux Security Advisory 201612-18
https://notcve.org/view.php?id=CVE-2016-8858
07 Dec 2016 — The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." ** DISPUTADA ** La función kex_input_kexinit en kex.c en OpenSSH 6.x y 7.x hasta la versión 7.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) enviando muchas peticiones duplicadas KEXI... • https://github.com/dag-erling/kexkill • CWE-399: Resource Management Errors •