27 matches found
RHEL 5 : openssh (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (CVE-2015-5600) - openssh:...
SUSE: Security Advisory (SUSE-SU-2016:2555-1)
The remote host is missing an update for the...
Security Bulletin: Vulnerabilities in OpenSSH affect IBM i (CVE-2016-1907, CVE-2016-1908, CVE-2016-3115)
Summary OpenSSH vulnerabilities affect IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11...
[SECURITY] [DLA 1500-2] openssh regression update
Package : openssh Version : 1:6.7p1-5+deb8u7 Debian Bug : 908652 The security update of OpenSSH announced as DLA 1500-1 introduced a bug in openssh-client: when X11 forwarding is enabled via system-wide configuration in ssh_config or via -X command line switch, but no DISPLAY is set, the client...
Debian DLA-1500-2 : openssh regression update
The security update of OpenSSH announced as DLA 1500-1 introduced a bug in openssh-client: when X11 forwarding is enabled via system-wide configuration in ssh_config or via -X command line switch, but no DISPLAY is set, the client produces a 'DISPLAY 'null' invalid; disabling X11 forwarding'...
Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908)
Summary Vulnerabilities have been identified in OpenSSH. IBM Security Access Manager for Mobile uses OpenSSH and is affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the...
Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908)
Summary Vulnerabilities have been identified in OpenSSH. IBM Security Access Manager for Web uses OpenSSH and is affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-3115 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the...
DEBIAN-CVE-2016-1908
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues ...
CVE-2016-1908
OpenSSH CVE-2016-1908 affects the OpenSSH client before 7.2, where cookie generation for untrusted X11 forwarding can be mishandled when the local X server lacks the SECURITY extension. This could allow remote X11 clients to trigger a fallback to trusted forwarding, bypassing intended access cont...
SUSE SLES11 Security Update : openssh (SUSE-SU-2016:1528-1)
openssh was updated to fix three security issues. These security issues were fixed : - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related t...
Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20160510)
Security Fixes : - It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested...
openSUSE Security Update : openssh (openSUSE-2016-668)
This update for OpenSSH fixes three security issues. These security issues were fixed : - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: Ignore PAM environment when using login...
SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2016:1386-1)
This update for OpenSSH fixes three security issues. These security issues were fixed : - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: Ignore PAM environment when using login...
SUSE-SU-2016:1386-1 Security update for openssh
This update for OpenSSH fixes three security issues. These security issues were fixed: - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: Ignore PAM environment when using login...
openssh, pam_ssh_agent_auth security update
CentOS Errata and Security Advisory CESA-2016:0741 An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RedHat Update for openssh RHSA-2016:0741-01
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-2966-1)
The remote host is missing an update for the...
Medium: openssh
Issue Overview: An access flaw was discovered in the OpenSSH client where it did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the loc...
Oracle: Security Advisory (ELSA-2016-0465)
The remote host is missing an update for the...
CentOS 7 : openssh (CESA-2016:0465)
Updated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for...