Lucene search

[email protected]CVE-2005-2797

HistorySep 06, 2005 - 5:03 p.m.

CVE-2005-2797

2005-09-0617:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

openssh

cve-2005-2797

dynamic port forwarding

gatewayports

security vulnerability

nvd

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.8%

JSON

OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding (“-D” option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.

CPENameOperatorVersion
openbsd:opensshopenbsd openssheq4.0

CPE	Name	Operator	Version
openbsd:openssh	openbsd openssh	eq	4.0

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt

marc.info/?l=bugtraq&m=112605977304049&w=2

secunia.com/advisories/16686

secunia.com/advisories/18010

secunia.com/advisories/18661

secunia.com/advisories/19243

securitytracker.com/id?1014845

support.avaya.com/elmodocs2/security/ASA-2006-033.htm

www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html

www.osvdb.org/19142

www.securityfocus.com/bid/14727

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.8%

JSON

Related for CVE-2005-2797

openvas2 debiancve1 ubuntucve1 nessus4