
CVE-2018-15473 – OpenSSH < 7.7 - User Enumeration
https://notcve.org/view.php?id=CVE-2018-15473
17 Aug 2018 — OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. • https://packetstorm.news/files/id/181223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2016-10708 – openssh: Out of sequence NEWKEYS message can allow remote attacker to cause denial of service
https://notcve.org/view.php?id=CVE-2016-10708
21 Jan 2018 — sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. • http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html • CWE-20: Improper Input Validation • CWE-476: NULL Pointer Dereference •

CVE-2017-15906 – openssh: Improper write operations in readonly mode allow for zero-length file creation
https://notcve.org/view.php?id=CVE-2017-15906
26 Oct 2017 — The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote a... • http://www.securityfocus.com/bid/101552 • CWE-20: Improper Input Validation • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2016-10011 – openssh: Leak of host private key material to privilege-separated child process via realloc()
https://notcve.org/view.php?id=CVE-2016-10011
25 Dec 2016 — authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. • http://www.openwall.com/lists/oss-security/2016/12/19/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-320: Key Management Errors •

CVE-2016-10012 – openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support
https://notcve.org/view.php?id=CVE-2016-10012
25 Dec 2016 — The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. • http://www.openwall.com/lists/oss-security/2016/12/19/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-287: Improper Authentication •

CVE-2016-10009 – OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading
https://notcve.org/view.php?id=CVE-2016-10009
23 Dec 2016 — Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. It was found that ssh-agent could load PKCS#11 modules from... • https://packetstorm.news/files/id/173661 • CWE-426: Untrusted Search Path •

CVE-2016-10010 – OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-10010
23 Dec 2016 — sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. The ssh-agent(1) agent ... • https://packetstorm.news/files/id/140262 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2016-8858 – Gentoo Linux Security Advisory 201612-18
https://notcve.org/view.php?id=CVE-2016-8858
07 Dec 2016 — ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." • https://github.com/dag-erling/kexkill • CWE-399: Resource Management Errors •

CVE-2016-6515 – OpenSSH 7.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-6515
07 Aug 2016 — The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. • https://packetstorm.news/files/id/140070 • CWE-20: Improper Input Validation • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2016-6210 – OpenSSH 7.2p2 - Username Enumeration
https://notcve.org/view.php?id=CVE-2016-6210
18 Jul 2016 — sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. • https://packetstorm.news/files/id/181223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-385: Covert Timing Channel •