Debian: Security Advisory (DSA-457)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Authentication flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...

CVE-2007-5337

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...

CVE-2001-1585

CVE-2001-1585: OpenSSH 2.3.1 development snapshot (2001-01-18 to 2001-02-08) exposes a flaw in SSH protocol 2 public key authentication: it does not perform a challenge–response step to verify the client’s private key, allowing remote attackers to bypass authentication by using a public key from ...

PT-2007-3578 · Openssh +2 · Openssh +2

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 4.6 and earlier Description: The issue allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY. This is because S/KEY displays a different response if the user account exist...

OpenSSH account enumeration

S/Key is requested only for existing user account, if S/Key authentication is used...

OpenSSH s/key Weakness

/ / / / / / / / / / / / / // / / / / / / / / / // / / / // // / / / / / // ///// // // // Helith - 0815 -------------------------------------------------------------------------------- Author : Rembrandt Date : 2007-04-21 Affected Software: openssh propably other implementations as well Affected ...

wu-ftpd S/KEY authentication overflow

The remote Wu-FTPd server seems to be vulnerable to a remote overflow. This version contains a remote overflow if s/key support is enabled. The skeychallenge function fails to perform bounds checking on the name variable resulting in a buffer overflow. With a specially crafted request, an attacke...

wu-ftpd S/KEY authentication overflow

The remote Wu-FTPd server seems to be vulnerable to a remote overflow. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2005-2770

WRQ Reflection for Secure IT Windows Server 6.0 formerly known as F-Secure SSH server does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login...

CVE-2005-2770

WRQ Reflection for Secure IT Windows Server 6.0 formerly known as F-Secure SSH server does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login...

Juniper NetScreen 5.0 - VPN Username Enumeration

Juniper NetScreen 5.0 - VPN Username Enumeration source: https://www.securityfocus.com/bid/14595/info The Juniper Netscreen VPN implementation will identify valid usernames in IKE aggressive mode, when pre-shared key authentication is used. This allows for attackers to obtain a list of valid VPN...

[Full-disclosure] Juniper Netscreen VPN Username Enumeration Vulnerability

Juniper Netscreen VPN Username Enumeration Vulnerability 1. Overview NTA Monitor has discovered a VPN username enumeration vulnerability in the Juniper Netscreen integrated Firewall/VPN products while performing a VPN security test for a customer. The vulnerability affects remote access VPNs know...

MRV In-Reach console server: Port Access Control Bypass Vulnerability

Hi, this is another bug I encountered during my research on console servers. Summary: Port Access Control Bypass Vulnerability on MRVs In-Reach console servers. Details: MRV's In-Reach console servers come with feature that enables access to their ports by ssh public keys. As opposed to e.g...

RHEL 2.1 : openssh (RHSA-2005:481)

Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol...

openssh security update

CentOS Errata and Security Advisory CESA-2005:481-01 Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team...

openssh security update

CentOS Errata and Security Advisory CESA-2005:106 Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH i...

OpenSSH < 2.3.2 SSHv2 Public Key Authentication Bypass

Binary data 1985.prm...

multiple wu-ftpd bugs

Local user can bypass root directory protection, buffer overflow on S/Key authentication...

Important: Red Hat Security Advisory: wu-ftpd security update

An updated wu-ftpd package that fixes two security issues is now available. The wu-ftpd package contains the Washington University FTP File Transfer Protocol server daemon. FTP is a method of transferring files between machines. Glenn Stewart discovered a flaw in wu-ftpd. When configured with...