DSA-457 wu-ftpd - several vulnerabilities

Bulletin has no description...

SSH Communications Secure Shell vulnerable to DoS via malformed BER/DER packet

Overview SSH Communications' Secure Shell contains vulnerabilities in ASN.1 libraries that may allow remote attackers to cause a denial-of-service situation, or potentially execute arbitrary code on the server. Description SSH Communications' Secure Shell contains a vulnerability in the decoding ...

Vulnerability in OpenSSH daemon (sshd)

Overview A vulnerability in the OpenSSH daemon sshd may give remote attackers a better chance of gaining access to restricted resources. Description OpenSSH is an implementation of the Secure Shell protocol. It is used to provide strong authentication and cryptographically secure communications...

SSHD allows users to override "AllowedAuthentications" configuration thereby permitting users to provide any type of authentication

Overview A remotely exploitable authentication vulnerability exists in the SSH Communications Security SSH Secure Shell server, and possibly other SSH servers. Description SSH is a program used to provide secure communications between hosts. Versions 3.0.0 - 3.1.1 of SSH Secure Shell for Servers...

CVE-2001-1585

SSH protocol 2 aka SSH-2 public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as...

PT-2001-2669 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH version 2.3.1 Description: The issue concerns the SSH protocol 2 public key authentication in OpenSSH, which does not perform a challenge-response step to verify that the client has the proper private key. This allows remote attackers...

OpenSSH UseLogin directive permits privilege escalation

Overview OpenSSH is an implementation of the Secure Shell protocol. When OpenSSH is configured with the UseLogin directive equal to "yes", an intruder can execute arbitrary code with the privileges of OpenSSH, usually root. Description OpenSSH contains a vulnerability that permits an intruder to...

OpenSSH Security Advisory (adv.option)

Weakness in OpenSSH's source IP based access control for SSH protocol v2 public key authentication. 1. Systems affected: Versions of OpenSSH between 2.5.x and 2.9.x using the 'from=' key file option in combination with both RSA and DSA keys in /.ssh/authorizedkeys2. 2. Description: Depending on t...

SSH host key authentication can be bypassed when DNS is used to resolve localhost

Overview This vulnerability allows an attacker to redirect an SSH connection to an arbitary host. Description When making connections to localhost, SSH disables host key checking to provide compatibility with NFS filesystems. As a result, if the victim's machine uses a poisoned DNS server to...