Page 5 of 110 results (0.012 seconds)

CVSS: 5.3EPSS: 2%CPEs: 32EXPL: 18

CVE-2018-15473 – OpenSSH < 7.7 - User Enumeration

https://notcve.org/view.php?id=CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto está relacionado con auth2-gss.c, auth2-hostbased.c, y auth2-pubkey.c. A user enumeration vulnerability flaw was found in OpenSSH, though version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. • https://www.exploit-db.com/exploits/45939 https://www.exploit-db.com/exploits/45233 https://www.exploit-db.com/exploits/45210 https://github.com/Rhynorater/CVE-2018-15473-Exploit https://github.com/r3dxpl0it/CVE-2018-15473 https://github.com/Sait-Nuri/CVE-2018-15473 https://github.com/LINYIKAI/CVE-2018-15473-exp https://github.com/MrDottt/CVE-2018-15473 https://github.com/yZ1337/CVE-2018-15473 https://github.com/1stPeak/CVE-2018-15473 https://github.com/0xrobiu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.5EPSS: 5%CPEs: 16EXPL: 0

CVE-2016-10708 – openssh: Out of sequence NEWKEYS message can allow remote attacker to cause denial of service

https://notcve.org/view.php?id=CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. sshd en OpenSSH, en versiones anteriores a la 7.4, permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del demonio) mediante un mensaje NEWKEYS fuera de secuencia, tal y como demuestra Honggfuzz, relacionado con kex.c y packet.c. • http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html http://www.securityfocus.com/bid/102780 https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737 https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10284 https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html https://security.netapp.com/advisory/ntap-20180423 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •

CVSS: 5.3EPSS: 0%CPEs: 28EXPL: 0

CVE-2017-15906 – openssh: Improper write operations in readonly mode allow for zero-length file creation

https://notcve.org/view.php?id=CVE-2017-15906

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. La función process_open en sftp-server.c en OpenSSH, en versiones anteriores a la 7.6, no evita correctamente las operaciones de escritura en el modo readonly, lo que permite que los atacantes creen archivos de longitud cero. • http://www.securityfocus.com/bid/101552 https://access.redhat.com/errata/RHSA-2018:0980 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html https://security.gentoo.org/glsa/201801-05 https://security.netapp.com/advisory/ntap-20180423-0004 https://www.openssh.com/txt/release-7.6 https://www.oracle.com/security-alerts/cpujan2020.html http • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10011 – openssh: Leak of host private key material to privilege-separated child process via realloc()

https://notcve.org/view.php?id=CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. authfile.c en sshd en OpenSSH en versiones anteriores a 7.4 no considera apropiadamente los efectos de realloc en el contenido de búfer, lo que podría permitir a usuarios locales obtener información sensible de clave privada aprovechando el acceso a un subproceso separado de privilegios. It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. • http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.securityfocus.com/bid/94977 http://www.securitytracker.com/id/1037490 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637 https://access.redhat.com/errata/RHSA-2017:2029 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-320: Key Management Errors •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10012 – openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support

https://notcve.org/view.php?id=CVE-2016-10012

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. El administrador de memoria compartida (asociado con la compresión de pre-autenticación) en sshd en OpenSSH en versiones anteriores a 7.4 no asegura que una verificación de límites sea ejecutada por todos los compiladores, lo que podría permitir a usuarios locales obtener privilegios aprovechando el acceso a un proceso separado de privilegios aislado, relacionado con las estructuras de datos m_zback y m_zlib. It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. • http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.securityfocus.com/bid/94975 http://www.securitytracker.com/id/1037490 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637 https://access.redhat.com/errata/RHSA-2017:2029 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •