CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2532 – openssh: AcceptEnv environment restriction bypass flaw
https://notcve.org/view.php?id=CVE-2014-2532
18 Mar 2014 — sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. sshd en OpenSSH anterior a 6.6 no soporta debidamente comodines en líneas AcceptEnv en sshd_config, lo que permite a atacantes remotos evadir restricciones de entorno mediante el uso de una subcadena localizada antes de un caracter de comodín. It was found that OpenSSH did not prop... • http://advisories.mageia.org/MGASA-2014-0143.html • CWE-138: Improper Neutralization of Special Elements CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 80EXPL: 0CVE-2011-4327
https://notcve.org/view.php?id=CVE-2011-4327
03 Feb 2014 — ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. ssh-keysign.c en ssh-keysign en OpenSSH anterior a 5.8p2 en ciertas plataformas ejecuta ssh-rand-helper con descriptores de archivos abiertos no deseados, lo cual permite a usuarios locales obtener información clave sensible a través de la llamada al sistema ptrace. • http://www.openssh.com/txt/portable-keysign-rand-helper.adv • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2014-1692 – HP Security Bulletin HPSBUX03188 SSRT101487 1
https://notcve.org/view.php?id=CVE-2014-1692
29 Jan 2014 — The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition. La función hash_buffer en schnorr.c en OpenSSH hasta 6.4 cuando Makefile.inc se modifica para habilitar el protocolo J-PAKE, no inicializa ciertas estructuras de datos, lo que podría... • http://marc.info/?l=bugtraq&m=141576985122836&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4548 – Slackware Security Advisory - openssh Updates
https://notcve.org/view.php?id=CVE-2013-4548
08 Nov 2013 — The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. La función mm_newkeys_from_blob en monitor_wrap.c de sshd en OpenSSH 6.2 y 6.3, cuando se utiliza el cifrado AES-GCM, no inicia correctamente la memoria para una estru... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00017.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 83EXPL: 0CVE-2010-5107 – openssh: Prevent connection slot exhaustion attacks
https://notcve.org/view.php?id=CVE-2010-5107
07 Mar 2013 — The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. La configuración por defecto de OpenSSH hasta v6.1 impone un límite de tiempo fijado entre el establecimiento de una conexión TCP y el inicio de sesión, lo que hace que sea más fácil para los atacantes remotos provocar una ... • http://marc.info/?l=bugtraq&m=144050155601375&w=2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 2CVE-2011-5000 – openssh: post-authentication resource exhaustion bug via GSSAPI
https://notcve.org/view.php?id=CVE-2011-5000
04 Apr 2012 — The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. La función de ssh_gssapi_parse_ename en GSS-serv.c en OpenSSH v5.8 y versiones anteriores, cuando gssapi-with-mic de autenticación está activada, permite a usuarios remotos autenticados p... • http://rhn.redhat.com/errata/RHSA-2012-0884.html • CWE-189: Numeric Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 78EXPL: 0CVE-2012-0814 – Gentoo Linux Security Advisory 201405-06
https://notcve.org/view.php?id=CVE-2012-0814
27 Jan 2012 — The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys fi... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 • CWE-255: Credentials Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 84EXPL: 3CVE-2010-4755 – Gentoo Linux Security Advisory 201405-06
https://notcve.org/view.php?id=CVE-2010-4755
02 Mar 2011 — The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. La (1) función remote_glob en sftp-glob... • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2011-0539
https://notcve.org/view.php?id=CVE-2011-0539
10 Feb 2011 — The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks. La función key_certify en usr.bin/ssh/key.c en OpenSSH v5.6 y v5.7 al generar los certificados de herencia con la opción de línea de comandos -t en ssh-keygen, no se inicializa el campo nonce... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 78EXPL: 1CVE-2010-4478 – Gentoo Linux Security Advisory 201405-06
https://notcve.org/view.php?id=CVE-2010-4478
06 Dec 2010 — OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. OpenSSH v5.6 y versiones anteriores, si J-PAKE está activo, no valida apropiadamente los parámetros públicos en el protocolo J-PAKE, lo que permite a atacantes remotos evitar la neces... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 • CWE-287: Improper Authentication •