DEBIAN-CVE-2008-1657

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshdconfig ForceCommand directive by modifying the .ssh/rc session file...

unsafe GSSAPI signal handler

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service crash, and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials. SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the knownhosts file, which makes it easier for an attacker that...

DEBIAN-CVE-2002-0640

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication PAMAuthenticationViaKbdInt...

CVE-2000-0525

Overview OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon. Remediation There is no fixed version for openssh. References - Archives.neohapsis.com - Openbsd.org - Osvdb.o...