Page 4 of 32 results (0.010 seconds)

CVSS: 7.5EPSS: 5%CPEs: 16EXPL: 0

CVE-2016-10708 – openssh: Out of sequence NEWKEYS message can allow remote attacker to cause denial of service

https://notcve.org/view.php?id=CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. sshd en OpenSSH, en versiones anteriores a la 7.4, permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del demonio) mediante un mensaje NEWKEYS fuera de secuencia, tal y como demuestra Honggfuzz, relacionado con kex.c y packet.c. • http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html http://www.securityfocus.com/bid/102780 https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737 https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10284 https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html https://security.netapp.com/advisory/ntap-20180423 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •

CVSS: 5.3EPSS: 0%CPEs: 28EXPL: 0

CVE-2017-15906 – openssh: Improper write operations in readonly mode allow for zero-length file creation

https://notcve.org/view.php?id=CVE-2017-15906

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. La función process_open en sftp-server.c en OpenSSH, en versiones anteriores a la 7.6, no evita correctamente las operaciones de escritura en el modo readonly, lo que permite que los atacantes creen archivos de longitud cero. • http://www.securityfocus.com/bid/101552 https://access.redhat.com/errata/RHSA-2018:0980 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html https://security.gentoo.org/glsa/201801-05 https://security.netapp.com/advisory/ntap-20180423-0004 https://www.openssh.com/txt/release-7.6 https://www.oracle.com/security-alerts/cpujan2020.html http • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10011 – openssh: Leak of host private key material to privilege-separated child process via realloc()

https://notcve.org/view.php?id=CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. authfile.c en sshd en OpenSSH en versiones anteriores a 7.4 no considera apropiadamente los efectos de realloc en el contenido de búfer, lo que podría permitir a usuarios locales obtener información sensible de clave privada aprovechando el acceso a un subproceso separado de privilegios. It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. • http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.securityfocus.com/bid/94977 http://www.securitytracker.com/id/1037490 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637 https://access.redhat.com/errata/RHSA-2017:2029 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-320: Key Management Errors •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10012 – openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support

https://notcve.org/view.php?id=CVE-2016-10012

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. El administrador de memoria compartida (asociado con la compresión de pre-autenticación) en sshd en OpenSSH en versiones anteriores a 7.4 no asegura que una verificación de límites sea ejecutada por todos los compiladores, lo que podría permitir a usuarios locales obtener privilegios aprovechando el acceso a un proceso separado de privilegios aislado, relacionado con las estructuras de datos m_zback y m_zlib. It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. • http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.securityfocus.com/bid/94975 http://www.securitytracker.com/id/1037490 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637 https://access.redhat.com/errata/RHSA-2017:2029 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2016-10010 – OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation

https://notcve.org/view.php?id=CVE-2016-10010

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. sshd en OpenSSH en versiones anteriores a 7.4, cuando no se utiliza la separación de privilegios, crea Unix-domain sockets reenviados como root, lo que podría permitir a usuarios locales obtener privilegios a través de vectores no especificados, relacionado con serverloop.c. • https://www.exploit-db.com/exploits/40962 http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.securityfocus.com/bid/94972 http://www.securitytracker.com/id/1037490 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637 https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf • CWE-264: Permissions, Privileges, and Access Controls •