11 matches found
OpenSSH <= 3.7.1p2 Security Vulnerability
OpenSSH is susceptible to a remote denial-of-service vulnerability. This issue is due to a design flaw when servicing timeouts related to the... Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...
FreeBSD -- OpenSSH Remote Denial of Service vulnerability
Problem Description: When processing the SSH_MSG_KEXINIT message, the server could allocate up to a few hundred megabytes of memory per connection, before any authentication takes place. Impact: A remote attacker may be able to cause an SSH server to allocate an excessive amount of memory...
OracleVM 3.3 / 3.4 : openssh (OVMSA-2016-0038)
The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices 1245969 - CVE-2016-3115: missing sanitisation of input for X11 forwarding 1317816 - SSH2_MSG_DISCONNECT for user initiate...
OracleVM 3.2 : openssh (OVMSA-2016-0030)
The remote OracleVM system is missing necessary patches to address critical security updates : - change default value of MaxStartups - CVE-2010-5107 John Haxby - improve RNG seeding from /dev/random 681291,708056 - make ssh1's ConnectTimeout option apply to both the TCP connection and SSH banner...
Oracle Linux 5 : openssh (ELSA-2016-3521)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3521 advisory. 4.3p2-82.0.1 - change default value of MaxStartups - CVE-2010-5107 John Haxby orabug 22766491 Tenable has extracted the preceding description block directly fro...
openssh security update
4.3p2-82.0.1 - change default value of MaxStartups - CVE-2010-5107 John Haxby orabug 22766491...
Oracle Linux 6 : openssh (ELSA-2013-1591)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1591 advisory. - change default value of MaxStartups - CVE-2010-5107 - 908707 Tenable has extracted the preceding description block directly from the Oracle Linux security...
SOL14741 - OpenSSH vulnerability CVE-2010-5107
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
Fedora 17 : openssh-5.9p1-29.fc17 (2013-2206)
This update changes default of MaxStartups to 10:30:100 to start doing random early drop at 10 connections up to 100 connections - CVE-2010-5107 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora 18 : openssh-6.1p1-5.fc18 (2013-2212)
This update changes default of MaxStartups to 10:30:100 to start doing random early drop at 10 connections up to 100 connections - CVE-2010-5107 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
FreeBSD : openssh -- multiple vulnerabilities (32db37a5-50c3-11db-acf3-000c6ec775d9)
Problem Description: The CRC compensation attack detector in the sshd(8) daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. CVE-2006-4924 A race condition exists in a signal handler used by the sshd(8) daemon to handle the LoginGraceTime option,...