CVSS: 7.5EPSS: 1%CPEs: 78EXPL: 1CVE-2010-4478
https://notcve.org/view.php?id=CVE-2010-4478
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. OpenSSH v5.6 y versiones anteriores, si J-PAKE está activo, no valida apropiadamente los parámetros públicos en el protocolo J-PAKE, lo que permite a atacantes remotos evitar la necesidad de conocer el secreto compartido, y autenticarse con éxito, enviando valores modificados en cada turno del protocolo. Relacionado con CVE-2010-4252. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h https://bugzilla.redhat.com/show_bug.cgi?id=659297 https://github.com/seb-m/jpake https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 7%CPEs: 133EXPL: 0CVE-2008-4109
https://notcve.org/view.php?id=CVE-2008-4109
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. Cierto parche de Debian para OpenSSH en versiones anteriores a 4.3p2-9etch3 en etch, y versiones anteriores a 4.6p1-1 en sid y lenny, que utiliza funciones que no son señales asíncronas seguras (async-signal-safe) en el gestor de señales para los tiempos de autentificado, el cual permite a los atacantes remotos causar una denegación de servicio (agotamiento de la ranura de conexión) a través de múltiples intentos de autenticación. NOTA: esto existe por una incorrecta solución de CVE-2006-5051. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html http://secunia.com/advisories/31885 http://secunia.com/advisories/32080 http://secunia.com/advisories/32181 http://www.debian.org/security/2008/dsa-1638 http://www.openwall.com/lists/oss-security/2024/07/01/3 http://www.securitytracker.com/id?1020891 http://www.ubuntu.com/usn/usn-649-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/4520 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 1.2EPSS: 0%CPEs: 71EXPL: 0CVE-2008-3259
https://notcve.org/view.php?id=CVE-2008-3259
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. OpenSSH anterior a 5.1 activa la opción del socket SO_REUSEADDR cuando la configuración X11UseLocalhost está desactivada, lo que permite a usuarios locales en determinadas plataformas, secuestrar el puerto de reenvío X11 a través de una única dirección IP como se ha demostrado sobre la plataforma HP-UX. • http://openssh.com/security.html http://secunia.com/advisories/31179 http://www.openssh.com/txt/release-5.1 http://www.securityfocus.com/bid/30339 http://www.securitytracker.com/id?1020537 http://www.vupen.com/english/advisories/2008/2148 https://exchange.xforce.ibmcloud.com/vulnerabilities/43940 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 13EXPL: 0CVE-2007-4752 – openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails
https://notcve.org/view.php?id=CVE-2007-4752
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. ssh en OpenSSH anterior a 4.7 no maneja adecuadamente cuando una cookie no confiable no puede ser creada y utiliza una cookie X11 confiable en su lugar, lo cual permite a los atacantes violar políticas establecidas y obtener privilegios provocando que un cliente X sea tratado como confiable. • http://bugs.gentoo.org/show_bug.cgi?id=191321 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://secunia.com/advisories/27399 http://secunia.com/advisories/29420 http://secunia.com/advisories/30249 http://secunia.com/advisories/31575 http://secunia. • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2007-4654
https://notcve.org/view.php?id=CVE-2007-4654
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024. Vulnerabilidad no especificada en SSHield 1.6.1 con OpenSSH 3.0.2p1 sobre Cisco WebNS 8.20.0.1 sobre dispositivos Cisco Content Services Switch (CSS) series 11000 permite a atacantes remotos provocar denegación de servicio (agotamiento de la ranura de conexión y caida del dispositivo) a través de una serie de paquetes grandes diseñados para explotar el desbordamiento de detección de ataque de SSH CRC32 (CVE-2001-0144), posiblemente un asunto relacionado con CVE-2002-1024. • http://osvdb.org/45873 http://securityreason.com/securityalert/3091 http://www.securityfocus.com/archive/1/478165/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/44542 • CWE-399: Resource Management Errors •