27 matches found
RHEL 5 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices CVE-2015-5600 - openssh:...
SUSE: Security Advisory (SUSE-SU-2016:2555-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerabilities in OpenSSH affect IBM i (CVE-2016-1907, CVE-2016-1908, CVE-2016-3115)
Summary OpenSSH vulnerabilities affect IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11...
[SECURITY] [DLA 1500-2] openssh regression update
Package : openssh Version : 1:6.7p1-5+deb8u7 Debian Bug : 908652 The security update of OpenSSH announced as DLA 1500-1 introduced a bug in openssh-client: when X11 forwarding is enabled via system-wide configuration in sshconfig or via -X command line switch, but no DISPLAY is set, the client...
Debian DLA-1500-2 : openssh regression update
The security update of OpenSSH announced as DLA 1500-1 introduced a bug in openssh-client: when X11 forwarding is enabled via system-wide configuration in sshconfig or via -X command line switch, but no DISPLAY is set, the client produces a 'DISPLAY 'null' invalid; disabling X11 forwarding'...
Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908)
Summary Vulnerabilities have been identified in OpenSSH. IBM Security Access Manager for Mobile uses OpenSSH and is affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the...
Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908)
Summary Vulnerabilities have been identified in OpenSSH. IBM Security Access Manager for Web uses OpenSSH and is affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the...
DEBIAN-CVE-2016-1908
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues ...
CVE-2016-1908
OpenSSH CVE-2016-1908 affects the OpenSSH client before 7.2, where cookie generation for untrusted X11 forwarding can be mishandled when the local X server lacks the SECURITY extension. This could allow remote X11 clients to trigger a fallback to trusted forwarding, bypassing intended access cont...
SUSE SLES11 Security Update : openssh (SUSE-SU-2016:1528-1)
openssh was updated to fix three security issues. These security issues were fixed : - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related t...
Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20160510)
Security Fixes : - It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested...
openSUSE Security Update : openssh (openSUSE-2016-668)
This update for OpenSSH fixes three security issues. These security issues were fixed : - CVE-2016-3115: Sanitise input for xauth1 bsc970632 - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections bsc962313 - CVE-2015-8325: Ignore PAM environment when using login...
SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2016:1386-1)
This update for OpenSSH fixes three security issues. These security issues were fixed : - CVE-2016-3115: Sanitise input for xauth1 bsc970632 - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections bsc962313 - CVE-2015-8325: Ignore PAM environment when using login...
SUSE-SU-2016:1386-1 Security update for openssh
This update for OpenSSH fixes three security issues. These security issues were fixed: - CVE-2016-3115: Sanitise input for xauth1 bsc970632 - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections bsc962313 - CVE-2015-8325: Ignore PAM environment when using login...
openssh, pam_ssh_agent_auth security update
CentOS Errata and Security Advisory CESA-2016:0741 An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RedHat Update for openssh RHSA-2016:0741-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2966-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: openssh
Issue Overview: An access flaw was discovered in the OpenSSH client where it did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the loc...
Oracle: Security Advisory (ELSA-2016-0465)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 7 : openssh (ELSA-2016-0465)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0465 advisory. - CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding 1298741 Tenable has extracted the preceding description block directly from...