EUVD-2014-2685

Malware in sbrugna...

F5 Networks BIG-IP : OpenSSH vulnerabilities (K15780)

CVE-2014-2653 The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. CVE-2014-2532 sshd in OpenSSH before 6.6 does not properly support wildcards on...

Amazon Linux: Security Advisory (ALAS-2014-369)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mandriva Linux Security Advisory : openssh (MDVSA-2015:095)

Updated openssh packages fix security vulnerabilities : sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character CVE-2014-2532...

Amazon Linux AMI : openssh (ALAS-2014-369)

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. The verifyhostkey function in sshconnect.c in the client in OpenSSH...

Medium: openssh

Issue Overview: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. The verifyhostkey function in sshconnect.c in the...

[BSA-095] Security Update for openssh

Colin Watson uploaded new packages for openssh which fixed the following security problems: CVE-2014-2532 DSA-2894-1 Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to trick OpenSSH into accepting any environment variable...

Mandriva Linux Security Advisory : openssh (MDVSA-2014:068)

Updated openssh packages fixes security vulnerabilities : sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...

OpenSSH Certificate Validation Security Bypass Vulnerability

OpenSSH is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:openssh";...

Updated openssh packages fix CVE-2014-2653

Updated openssh packages fix security vulnerability: Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a...

MGASA-2014-0166 Updated openssh packages fix CVE-2014-2653

Updated openssh packages fix security vulnerability: Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a...

[SECURITY] [DSA 2894-1] openssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2894-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 05, 2014 http://www.debian.org/security/faq -...

DSA-2894-1 openssh - security update

Bulletin has no description...

CVE-2014-2653

The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...

DEBIAN-CVE-2014-2653

The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...

Code injection

The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...

CVE-2014-2653

The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...

CVE-2014-2653

The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...

PT-2014-1797

Name of the Vulnerable Software and Affected Versions OpenSSH versions 6.6 and earlier Description The issue allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. This can lead to a bypass of security restrictions. Exploitation of th...