CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10011 – openssh: Leak of host private key material to privilege-separated child process via realloc()
https://notcve.org/view.php?id=CVE-2016-10011
25 Dec 2016 — authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. authfile.c en sshd en OpenSSH en versiones anteriores a 7.4 no considera apropiadamente los efectos de realloc en el contenido de búfer, lo que podría permitir a usuarios locales obtener información sensible de clave privada aprovechando el acceso a un subproceso se... • http://www.openwall.com/lists/oss-security/2016/12/19/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-320: Key Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10012 – openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support
https://notcve.org/view.php?id=CVE-2016-10012
25 Dec 2016 — The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. El administrador de memoria compartida (asociado con la compresión de pre-autenticación) en sshd en OpenSSH en versiones anteriores a 7.4 no asegura que una verificación de l... • http://www.openwall.com/lists/oss-security/2016/12/19/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3CVE-2016-10009 – OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading
https://notcve.org/view.php?id=CVE-2016-10009
23 Dec 2016 — Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. Vulnerabilidad de ruta de búsqueda no confiable en ssh-agent.c en ssh-agent en OpenSSH en versiones anteriores a 7.4 permite a atacantes remotos ejecutar modulos locales PKCS#11 arbitrarios aprovechando el control sobre un agent-socket reenviado. It was found that ssh-agent could load PKCS#11 modules from... • https://packetstorm.news/files/id/173661 • CWE-426: Untrusted Search Path •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10010 – OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-10010
23 Dec 2016 — sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. sshd en OpenSSH en versiones anteriores a 7.4, cuando no se utiliza la separación de privilegios, crea Unix-domain sockets reenviados como root, lo que podría permitir a usuarios locales obtener privilegios a través de vectores no especificados, relacionado con serverloop.c. The ssh-agent(1) agent ... • https://packetstorm.news/files/id/140262 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 59%CPEs: 6EXPL: 1CVE-2016-8858 – Gentoo Linux Security Advisory 201612-18
https://notcve.org/view.php?id=CVE-2016-8858
07 Dec 2016 — The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." ** DISPUTADA ** La función kex_input_kexinit en kex.c en OpenSSH 6.x y 7.x hasta la versión 7.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) enviando muchas peticiones duplicadas KEXI... • https://github.com/dag-erling/kexkill • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 84%CPEs: 2EXPL: 5CVE-2016-6515 – OpenSSH 7.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-6515
07 Aug 2016 — The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. La función auth_password en auth-passwd.c en sshd en OpenSSH en versiones anteriores a 7.3 no limita longitudes de contraseña para autenticación de contraseña, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU clave) a través de una caden... • https://packetstorm.news/files/id/140070 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.9EPSS: 92%CPEs: 1EXPL: 8CVE-2016-6210 – OpenSSH 7.2p2 - Username Enumeration
https://notcve.org/view.php?id=CVE-2016-6210
18 Jul 2016 — sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. sshd en OpenSSH en versiones anteriores a 7.3, cuando SHA256 o SHA512 son utilizados para el hashing de la contraseña del usuario, utiliza BLOWFISH hashing en una contraseña estática cuando no existe el nombre d... • https://packetstorm.news/files/id/181223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8325 – openssh: privilege escalation via user's PAM environment and UseLogin=yes
https://notcve.org/view.php?id=CVE-2015-8325
15 Apr 2016 — The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. La función do_setup_env en session.c en sshd en OpenSSH hasta la versión 7.2p2, cuando la funcionalidad UseLogin está activa y PAM está configurado para leer archivos... • http://rhn.redhat.com/errata/RHSA-2016-2588.html • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2016-1908 – openssh: possible fallback from untrusted to trusted X11 forwarding
https://notcve.org/view.php?id=CVE-2016-1908
22 Mar 2016 — The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. El cliente en OpenSSH en versiones anteriores a 7.2 no maneja correctamente falló en la generación de cookies para el reenvío... • http://openwall.com/lists/oss-security/2016/01/15/13 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 6.4EPSS: 45%CPEs: 2EXPL: 2CVE-2016-3115 – OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
https://notcve.org/view.php?id=CVE-2016-3115
14 Mar 2016 — Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Múltiples vulnerabilidades de inyección CRLF en session.c en sshd en OpenSSH en versiones anteriores a 7.2p2 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a través del redireccionamiento de dat... • https://packetstorm.news/files/id/136234 • CWE-20: Improper Input Validation •