CVSS: 4.0EPSS: 0%CPEs: 84EXPL: 3CVE-2010-4755
https://notcve.org/view.php?id=CVE-2010-4755
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. La (1) función remote_glob en sftp-glob.c y (2) la función process_put en sftp.c en OpenSSH v5.8 y versiones anteriores, como se usa en FreeBSD v7.3 y v8.1, NetBSD v5.0.2, OpenBSD v4.7 y otros productos, permiten a usuarios remotos autenticados causar una denegación de servicio (por excesivo uso de CPU y consumo de memoria) a través de expresiones glob debidamente modificadas que no coinciden con ningún nombre de ruta, como lo demuestran las expresiones glob en las solicitudes SSH_FXP_STAT a un demonio de sftp. Se trata de una vulnerabilidad diferente a CVE-2010-2632. • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1 http://cxib.net/stuff/glob-0day.c http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc http://securityreason.com/achievement_securityalert/89 http://securityreason.com/exploitalert/9223 http://securityreason.com/securityalert/8116 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 78EXPL: 1CVE-2010-4478
https://notcve.org/view.php?id=CVE-2010-4478
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. OpenSSH v5.6 y versiones anteriores, si J-PAKE está activo, no valida apropiadamente los parámetros públicos en el protocolo J-PAKE, lo que permite a atacantes remotos evitar la necesidad de conocer el secreto compartido, y autenticarse con éxito, enviando valores modificados en cada turno del protocolo. Relacionado con CVE-2010-4252. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h https://bugzilla.redhat.com/show_bug.cgi?id=659297 https://github.com/seb-m/jpake https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 4%CPEs: 9EXPL: 0CVE-2006-0883
https://notcve.org/view.php?id=CVE-2006-0883
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc http://bugzilla.mindrot.org/show_bug.cgi?id=839 http://securityreason.com/securityalert/520 http://securitytracker.com/id?1015706 http://www.osvdb.org/23797 http://www.securityfocus.com/bid/16892 http://www.vupen.com/english/advisories/2006/0805 https://exchange.xforce.ibmcloud.com/vulnerabilities/25116 • CWE-399: Resource Management Errors •