Page 9 of 114 results (0.010 seconds)

CVSS: 8.5EPSS: 36%CPEs: 1EXPL: 1

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. Vulnerabilidad en la función kbdint_next_device en auth2-chall.c en sshd en OpenSSH hasta la versión 6.9, no restringe correctamente el procesamiento de dispositivos de teclado interactivo con una única conexión, lo cual facilita a atacantes remotos ejecutar un ataque de fuerza bruta o causar una denegación de servicio (mediante el consumo de la CPU) a través de una lista larga y redundante en la opción ssh -oKbdInteractiveDevices, según lo demostrado por una modificación en el cliente que provee una contraseña diferente para cada uno de los elementos pam de la lista. It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. • http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html http://lists& • CWE-264: Permissions, Privileges, and Access Controls CWE-304: Missing Critical Step in Authentication •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. Vulnerabilidad en la función x11_open_helper en channels.c en ssh en OpenSSH en versiones anteriores a 6.9, cuando no se utiliza el modo ForwardX11Trusted, carece de una verificación de tiempo límite para conexiones X, lo que facilita a atacantes remotos eludir la restricción destinada al acceso a través de una conexión fuera de la ventana de tiempo permitida. It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html http://openwall.com/lists/oss-security/2015/07/01/10 http://rhn.redhat.com/errata/RHSA-2016-0741.html http://www.openssh.com/txt/release-6.9 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/75525 http://www.securitytracker.com/id/1032797 http://www.ubuntu.com/usn&#x • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. El servidor OpenSSH, utilizado en Fedora y Red Hat Enterprise Linux 7 y cuando funciona en un entorno Kerberos, permite a usuarios remotos autenticados iniciar sesión como otro usuario cuando están listados en el fichero .k5users de ese usuario, lo que podría evadir los requisitos de autenticación que forzaría un inicio de sesión local. It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions. • http://rhn.redhat.com/errata/RHSA-2015-0425.html http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855 http://www.openwall.com/lists/oss-security/2014/12/02/3 http://www.openwall.com/lists/oss-security/2014/12/04/17 http://www.securityfocus.com/bid/71420 https://bugzilla.mindrot.org/show_bug.cgi?id=1867 https://bugzilla.redhat.com/show_bug.cgi?id=1169843 https://exchange.xforce.ibmcloud.com/vulnerabilities/99090 https://access.redhat.com/security/cve/CVE • CWE-287: Improper Authentication •

CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 1

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. La función verify_host_key en sshconnect.c en el cliente en OpenSSH 6.6 y anteriores permite a servidores remotos provocar la evasión de la comprobación SSHFP DNS RR mediante la presentación de HostCertificate no aceptable. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. • http://advisories.mageia.org/MGASA-2014-0166.html http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html http://marc.info/?l=bugtraq&m=141576985122836&w=2 http://openwall.com/lists/oss-security/2014/03/26/7 http://rhn.redhat.com/errata/RHSA-2014-1552.html http://rhn.redhat.com/errata/RHSA-2015-0425.html h • CWE-20: Improper Input Validation CWE-287: Improper Authentication •

CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. sshd en OpenSSH anterior a 6.6 no soporta debidamente comodines en líneas AcceptEnv en sshd_config, lo que permite a atacantes remotos evadir restricciones de entorno mediante el uso de una subcadena localizada antes de un caracter de comodín. It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions. • http://advisories.mageia.org/MGASA-2014-0143.html http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html http://marc.info/?l=bugtraq&m=141576985122836&w=2 http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2 http://rhn.redhat.com& • CWE-138: Improper Neutralization of Special Elements CWE-264: Permissions, Privileges, and Access Controls •