CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 1CVE-2014-2653 – openssh: failure to check DNS SSHFP records in certain scenarios
https://notcve.org/view.php?id=CVE-2014-2653
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. La función verify_host_key en sshconnect.c en el cliente en OpenSSH 6.6 y anteriores permite a servidores remotos provocar la evasión de la comprobación SSHFP DNS RR mediante la presentación de HostCertificate no aceptable. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. • http://advisories.mageia.org/MGASA-2014-0166.html http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html http://marc.info/?l=bugtraq&m=141576985122836&w=2 http://openwall.com/lists/oss-security/2014/03/26/7 http://rhn.redhat.com/errata/RHSA-2014-1552.html http://rhn.redhat.com/errata/RHSA-2015-0425.html h • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2532 – openssh: AcceptEnv environment restriction bypass flaw
https://notcve.org/view.php?id=CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. sshd en OpenSSH anterior a 6.6 no soporta debidamente comodines en líneas AcceptEnv en sshd_config, lo que permite a atacantes remotos evadir restricciones de entorno mediante el uso de una subcadena localizada antes de un caracter de comodín. It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions. • http://advisories.mageia.org/MGASA-2014-0143.html http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html http://marc.info/?l=bugtraq&m=141576985122836&w=2 http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2 http://rhn.redhat.com& • CWE-138: Improper Neutralization of Special Elements CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 80EXPL: 0CVE-2011-4327
https://notcve.org/view.php?id=CVE-2011-4327
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. ssh-keysign.c en ssh-keysign en OpenSSH anterior a 5.8p2 en ciertas plataformas ejecuta ssh-rand-helper con descriptores de archivos abiertos no deseados, lo cual permite a usuarios locales obtener información clave sensible a través de la llamada al sistema ptrace. • http://www.openssh.com/txt/portable-keysign-rand-helper.adv https://bugzilla.redhat.com/show_bug.cgi?id=755640 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2014-1692
https://notcve.org/view.php?id=CVE-2014-1692
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition. La función hash_buffer en schnorr.c en OpenSSH hasta 6.4 cuando Makefile.inc se modifica para habilitar el protocolo J-PAKE, no inicializa ciertas estructuras de datos, lo que podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o tienen impacto no especificado a través de vectores que provocan una condición de error. • http://marc.info/?l=bugtraq&m=141576985122836&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://openwall.com/lists/oss-security/2014/01/29/10 http://openwall.com/lists/oss-security/2014/01/29/2 http://osvdb.org/102611 http://secunia.com/advisories/60184 http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h http://www.openbsd.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 7%CPEs: 83EXPL: 0CVE-2010-5107 – openssh: Prevent connection slot exhaustion attacks
https://notcve.org/view.php?id=CVE-2010-5107
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. La configuración por defecto de OpenSSH hasta v6.1 impone un límite de tiempo fijado entre el establecimiento de una conexión TCP y el inicio de sesión, lo que hace que sea más fácil para los atacantes remotos provocar una denegación de servicio periódicamente haciendo muchas conexiones TCP nuevas. • http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://rhn.redhat.com/errata/RHSA-2013-1591.html http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89 http://www.openwall.com/lists/oss-security/2013/02/07/3 http://www.oracle.com/technetwork/t • CWE-400: Uncontrolled Resource Consumption •