34 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-2653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by...
SUSE CVE-2014-2653
The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...
Security Bulletin: Vulnerabilities in Open Secure Shell for GPFS V3.5 on Windows (CVE-2014-2653, CVE-2014-2532)
Summary Security vulnerabilities have been identified in the level of OpenSSH that is currently shipped with GPFS V3.5.0.11, or later, on Windows. The current level of OpenSSH could allow a remote attacker to bypass security restrictions caused by: - CVE-2014-2653 an error in the SSH client when...
SUSE: Security Advisory (SUSE-SU-2014:0818-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Security vulnerabilities in Open SSL, OpenSSH and curl affect the Integrated Management Module II (IMM2)
Summary Security vulnerabilities in Open SSL, OpenSSH and curl affect the Integrated Management Module II IMM2. Vulnerability Details Abstract Security vulnerabilities in Open SSL, OpenSSH and curl affect the Integrated Management Module II IMM2. Vulnerability Details CVE-ID: CVE-2014-2653...
F5 Networks BIG-IP : OpenSSH vulnerabilities (K15780)
CVE-2014-2653 The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. CVE-2014-2532 sshd in OpenSSH before 6.6 does not properly support wildcards on...
Oracle: Security Advisory (ELSA-2015-0425)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2014-1552)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:16.openssh Security Advisory The FreeBSD Project Topic: OpenSSH multiple vulnerabilities Category: contrib Module: openssh Announced: 2015-07-28, revised on...
FreeBSD-SA-15:16.openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:16.openssh Security Advisory The FreeBSD Project Topic: OpenSSH multiple vulnerabilities Category: contrib Module: openssh Announced: 2015-07-28, revised on...
Mandriva Linux Security Advisory : openssh (MDVSA-2015:095)
Updated openssh packages fix security vulnerabilities : sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character CVE-2014-2532...
CentOS 7 : openssh (CESA-2015:0425)
Updated openssh packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Oracle Linux 7 : openssh (ELSA-2015-0425)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0425 advisory. - add new option GSSAPIEnablek5users and disable using /.k5users by default CVE-2014-9278 1169843 - prevent a server from skipping SSHFP lookup -...
RedHat Update for openssh RHSA-2015:0425-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 6 : openssh (CESA-2014:1552)
Updated openssh packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
OpenSSH SSHFP Record Verification Weakness
According to its banner, the version of OpenSSH running on the remote host is 6.1 through 6.6. It is, therefore, affected by a host verification bypass vulnerability related to SSHFP and certificates that could allow a malicious SSH server to cause the supplied client to inappropriately trust the...
[slackware-security] openssh
New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/openssh-6.7p1-i486-1slack14.1.txz: Upgraded. This update fixes a security issue that allows remote servers...
Oracle Linux 6 : openssh (ELSA-2014-1552)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1552 advisory. - prevent a server from skipping SSHFP lookup 1081338 CVE-2014-2653 - ignore environment variables with embedded '=' or '\0' characters CVE-2014-2532...
openssh security, bug fix, and enhancement update
5.3p1-104 - ignore SIGXFSZ in postauth monitor child 1133906 5.3p1-103 - don't try to generate DSA keys in the init script in FIPS mode 1118735 5.3p1-102 - ignore SIGPIPE in ssh-keyscan 1108836 5.3p1-101 - ssh-add: fix fatal exit when removing card 1042519 5.3p1-100 - fix race in backported...
Medium: openssh
Issue Overview: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. The verifyhostkey function in sshconnect.c in the...