CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2003-0386
https://notcve.org/view.php?id=CVE-2003-0386
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. OpenSSH 3.6.1 y anteriores, cuando se restringe el acceso de máquinas por direcciones IP numéricas, y con VerifyReverseMapping desactivado, permite a atacantes remotos evitar restricciones de acceso "from=" y "usuario@maquina" conectandose a una máquina de un sistema cuyo nombre DNS inverso contiene la dirección IP numérica. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://lists.apple.com/mhonarc/security-announce/msg00038.html http://secunia.com/advisories/21129 http://secunia.com/advisories/21262 http://secunia.com/advisories/21724 http://secunia.com/advisories/22196 http://secunia.com/advisories/23680 http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm http://www.kb.cert.org/vuls/id/978316 http://www.redhat.com/support/errata/RHSA-2006-0298.html http& •
CVSS: 5.0EPSS: 4%CPEs: 8EXPL: 4CVE-2003-0190 – OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident
https://notcve.org/view.php?id=CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. OpenSSH-portable (OpenSSH) 3.6.1p1 y anteriores con soporte PAM activado envía inmediatamente un mensaje de error cuando un usuario no existe, lo que permite a atacantes remotos determinar nombres de usuario válidos mediante un ataque de temporización. • https://www.exploit-db.com/exploits/26 https://www.exploit-db.com/exploits/25 https://www.exploit-db.com/exploits/3303 http://lab.mediaservice.net/advisory/2003-01-openssh.txt http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html http://marc.info/?l=bugtraq&m=105172058404810&w=2 http://marc.info/?l=bugtraq&m=106018677302607&w=2 http://www.redhat.com/support/errata/RHSA-2003-222.html http://www.redhat.com/support/errata/RHSA-2003-224.html • CWE-203: Observable Discrepancy •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1420
https://notcve.org/view.php?id=CVE-2002-1420
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation. Error de falta de signo en entero en select() de OpenBSD 3.1 y anteriores permite a usuarios locales sobreescribir memoria del kernel arbitraria mediante un valor negativo en el parámetro de tamaño, que satisface la comprobación de límites de entero con signo, pero que es usado luego como un entero sin signo durante una operación de copia de datos. • http://marc.info/?l=bugtraq&m=102918817012863&w=2 http://www.iss.net/security_center/static/9809.php http://www.kb.cert.org/vuls/id/259787 http://www.osvdb.org/7554 http://www.securityfocus.com/bid/5442 •
CVSS: 7.5EPSS: 96%CPEs: 165EXPL: 1CVE-2003-0028
https://notcve.org/view.php?id=CVE-2003-0028
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. Desbordamiento de entero en la función xdrmem_getbytes(), y posiblemente otras funciones, de librerias XDR (representación de datos externos) derivadas de SunRPC, incluyendo libnsl, libc y glibc permite a atacantes remotos ejecutar código arbitrario mediante ciertos valores enteros en campos de longitud. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html http://marc.info/?l=bugtraq&m=104810574423662&w=2 http://marc.info/?l=bugtraq&m=104811415301340&w=2 http://marc.info/?l=bugtraq&m=104860855114117&w=2 http://marc.info/?l=bugtraq&m=104878237121402&w=2 http://marc.info/? •
CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 3CVE-2003-0144 – BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0144
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. • https://www.exploit-db.com/exploits/22331 https://www.exploit-db.com/exploits/22332 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P http://marc.info/?l=bugtraq&m=104690434504429&w=2 http://marc.info/?l=bugtraq&m=104714441925019&w=2 http://secunia.com/advisories/8293 http://www.debian.org/security/2003/dsa-267 http://www.debian.org/security/2003/dsa-275 http://www& •