Page 6 of 114 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. El administrador de memoria compartida (asociado con la compresión de pre-autenticación) en sshd en OpenSSH en versiones anteriores a 7.4 no asegura que una verificación de límites sea ejecutada por todos los compiladores, lo que podría permitir a usuarios locales obtener privilegios aprovechando el acceso a un proceso separado de privilegios aislado, relacionado con las estructuras de datos m_zback y m_zlib. It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. • http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.securityfocus.com/bid/94975 http://www.securitytracker.com/id/1037490 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637 https://access.redhat.com/errata/RHSA-2017:2029 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. sshd en OpenSSH en versiones anteriores a 7.4, cuando no se utiliza la separación de privilegios, crea Unix-domain sockets reenviados como root, lo que podría permitir a usuarios locales obtener privilegios a través de vectores no especificados, relacionado con serverloop.c. • https://www.exploit-db.com/exploits/40962 http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.securityfocus.com/bid/94972 http://www.securitytracker.com/id/1037490 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637 https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. Vulnerabilidad de ruta de búsqueda no confiable en ssh-agent.c en ssh-agent en OpenSSH en versiones anteriores a 7.4 permite a atacantes remotos ejecutar modulos locales PKCS#11 arbitrarios aprovechando el control sobre un agent-socket reenviado. It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. The OpenSSH agent permits its clients to load PKCS11 providers using the commands SSH_AGENTC_ADD_SMARTCARD_KEY and SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED if OpenSSH was compiled with the ENABLE_PKCS11 flag (normally enabled) and the agent isn't locked. • https://www.exploit-db.com/exploits/40963 http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2023/Jul/31 http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.openwall.com/lists/oss-security/2023/07/19/9 http://www.openwall.com/lists/oss-security/2023/07/20/1 http://www.securityfocus.com/bid/94968 http&# • CWE-426: Untrusted Search Path •

CVSS: 7.8EPSS: 78%CPEs: 6EXPL: 0

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." ** DISPUTADA ** La función kex_input_kexinit en kex.c en OpenSSH 6.x y 7.x hasta la versión 7.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) enviando muchas peticiones duplicadas KEXINIT. NOTA: un tercero reporta que "OpenSSH upstream no considera esto como un problema de seguridad". • http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126&r2=1.127&f=h http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup http://www.openwall.com/lists/oss-security/2016/10/19/3 http://www.openwall.com/lists/oss-security/2016/10/20/1 http://www.securityfocus.com/bid/93776 http://www.securitytracker.com/id/1037057 https://bugzilla.redhat.com/show_bug.cgi?id=1384860 https: • CWE-399: Resource Management Errors •

CVSS: 7.8EPSS: 4%CPEs: 2EXPL: 2

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. La función auth_password en auth-passwd.c en sshd en OpenSSH en versiones anteriores a 7.3 no limita longitudes de contraseña para autenticación de contraseña, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU clave) a través de una cadena larga. It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. • https://www.exploit-db.com/exploits/40888 https://github.com/opsxcq/exploit-CVE-2016-6515 http://openwall.com/lists/oss-security/2016/08/01/2 http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/92212 http://www.securitytracker.com/id/1036487 https://access.redhat.com/errata/RHSA-2017:2029 https://cert-portal.siemens.com/productcert/pdf/ssa-412672& • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •