Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201405-06
HistoryMay 11, 2014 - 12:00 a.m.

OpenSSH: Multiple vulnerabilities

2014-05-1100:00:00
Gentoo Foundation
security.gentoo.org
101

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.123 Low

EPSS

Percentile

95.3%

JSON

Background

OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support.

Description

Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or bypass environment restrictions.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSH users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.6_p1-r1"

NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/openssh<ย 6.6_p1-r1UNKNOWN

Related

nessus 58
openvas 45
ibm 8
securityvulns 6
f5 14
veracode 4
redhat 4
debiancve 6
fedora 4
checkpoint_security 1
oraclelinux 5
seebug 2
centos 4
checkpoint_advisories 2
prion 7
ubuntucve 6
cve 7
amazon 2
metasploit 1
ubuntu 1
slackware 1
mageia 1
hackerone 1
attackerkb 1
aix 2
debian 3
osv 1
packetstorm 1
rosalinux 1
nessus
nessus
GLSA-201405-06 : OpenSSH: Multiple vulnerabilities
2014-05-12 00:00:00
OpenSSH < 5.9 Multiple DoS
2019-08-21 00:00:00
OpenSSH < 5.9 Multiple DoS
2011-11-18 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201405-06
2015-09-29 00:00:00
OpenSSH <= 5.8 Multiple DoS Vulnerabilities
2014-04-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1042-1)
2021-06-09 00:00:00
ibm
ibm
Security Bulletin: IBM System x and Flex Systems OpenSSH Vulnerabilities (CVE-2012-0814, CVE-2008-5161)
2019-01-30 08:05:01
Security Bulletin: Flex System Manager (FSM) vulnerability allows a denial of service attack (CVE-2010-5107)
2019-01-30 08:20:01
Security Bulletin: CBC mode ciphers, weak MD5 and MAC algorithms vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2008-5161)
2018-06-16 21:38:50
securityvulns
securityvulns
OpenSSH security vulnerabilities
2013-03-24 00:00:00
[ MDVSA-2013:022 ] openssh
2013-03-24 00:00:00
[USN-2155-1] OpenSSH vulnerability
2014-03-27 00:00:00
f5
f5
SOL14317 - OpenSSH J-PAKE vulnerability CVE-2010-4478
2013-03-27 00:00:00
OpenSSH J-PAKE vulnerability CVE-2010-4478
2013-03-28 07:51:00
SOL14741 - OpenSSH vulnerability CVE-2010-5107
2013-10-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:51:36
Man-in-the-Middle (MitM)
2020-04-10 00:36:07
Denial Of Service (DoS)
2019-01-15 08:52:41
redhat
redhat
(RHSA-2013:1591) Low: openssh security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2012:0884) Low: openssh security, bug fix, and enhancement update
2012-06-20 00:00:00
(RHSA-2009:1287) Low: openssh security, bug fix, and enhancement update
2009-09-02 03:02:33
debiancve
debiancve
CVE-2010-5107
2013-03-07 20:55:00
CVE-2011-5000
2012-04-05 14:55:00
CVE-2008-5161
2008-11-19 17:30:00
fedora
fedora
[SECURITY] Fedora 17 Update: openssh-5.9p1-29.fc17
2013-02-26 02:47:11
[SECURITY] Fedora 18 Update: openssh-6.1p1-5.fc18
2013-02-13 04:33:12
[SECURITY] Fedora 20 Update: openssh-6.4p1-4.fc20
2014-05-21 23:23:52
checkpoint_security
checkpoint_security
Check Point response to OpenSSH CBC Mode Information Disclosure Vulnerability (CVE-2008-5161)
2008-11-20 22:00:00
oraclelinux
oraclelinux
openssh security update
2016-02-24 00:00:00
openssh security, bug fix, and enhancement update
2013-11-26 00:00:00
openssh security, bug fix, and enhancement update
2012-06-27 00:00:00
seebug
seebug
OpenSSH้ป˜่ฎคๆœๅŠกๅ™จ้…็ฝฎๆ‹’็ปๆœๅŠกๆผๆดž(CVE-2010-5107)
2013-02-28 00:00:00
OpenSSH 'child_set_env()'ๅ‡ฝๆ•ฐๅฎ‰ๅ…จ็ป•่ฟ‡ๆผๆดž
2014-03-25 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2013-11-26 13:32:28
openssh, pam_ssh_agent_auth security update
2012-07-10 17:25:37
openssh security update
2009-09-15 18:27:52
checkpoint_advisories
checkpoint_advisories
OpenSSH maxstartup Threshold Connection Exhaustion denial of service (CVE-2010-5107)
2013-10-27 00:00:00
OpenSSH maxstartup Threshold Connection Exhaustion Denial of Service - ver 2 (CVE-2010-5107)
2013-10-27 00:00:00
prion
prion
Default configuration
2013-03-07 20:55:00
Authentication flaw
2012-04-05 14:55:00
Code injection
2008-11-19 17:30:00
ubuntucve
ubuntucve
CVE-2010-5107
2013-03-07 00:00:00
CVE-2011-5000
2012-04-05 00:00:00
CVE-2008-5161
2008-11-19 00:00:00
cve
cve
CVE-2010-5107
2013-03-07 20:55:00
CVE-2011-5000
2012-04-05 14:55:00
CVE-2008-5161
2008-11-19 17:30:00
amazon
amazon
Medium: openssh
2012-07-05 16:18:00
Medium: openssh
2014-07-09 16:32:00
metasploit
metasploit
SSH Version Scanner
2010-01-15 03:25:34
ubuntu
ubuntu
OpenSSH vulnerability
2014-03-25 00:00:00
slackware
slackware
[slackware-security] openssh
2014-03-28 22:55:11
mageia
mageia
Updated openssh packages fix CVE-2014-2532
2014-03-31 23:38:10
hackerone
hackerone
Greenhouse.io: openssh-server Forced Command Handling Information Disclosure Vulnerability on blog.greenhouse.io
2014-08-18 04:04:39
attackerkb
attackerkb
CVE-2010-4478
2010-12-06 00:00:00
aix
aix
AIX OpenSSH Vulnerability
2013-04-08 15:19:58
AIX OpenSSH Vulnerability
2014-06-17 04:07:12
debian
debian
[SECURITY] [DSA 2894-1] openssh security update
2014-04-05 15:06:01
[SECURITY] [DSA 2894-1] openssh security update
2014-04-05 15:06:01
[BSA-095] Security Update for openssh
2014-04-30 10:16:12
osv
osv
openssh - security update
2014-04-05 00:00:00
packetstorm
packetstorm
Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT Memory Exhaustion
2011-05-03 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.123 Low

EPSS

Percentile

95.3%

JSON
Related for GLSA-201405-06
nessus58openvas45ibm8securityvulns6f514veracode4redhat4debiancve6fedora4checkpoint_security1oraclelinux5seebug2centos4checkpoint_advisories2prion7ubuntucve6cve7amazon2metasploit1ubuntu1slackware1mageia1hackerone1attackerkb1aix2debian3osv1packetstorm1rosalinux1