6 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-5600
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a...
Important: openssh
Issue Overview: A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by default, 600 in old OpenSSH versions, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various...
PT-2022-10510
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 8.9 Description An issue was discovered in OpenSSH where a client using public-key authentication with agent forwarding but without -oLogLevel=verbose may be unable to determine whether FIDO authentication is confirmi...
CVE-2016-3115
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the 1 doauthenticated1 and 2 sessionx11req functions...
SUSE-SA:2003:038: openssh
The remote host is missing the patch for the advisory SUSE-SA:2003:038 openssh. The openssh package is the most widely used implementation of the secure shell protocol family ssh. It provides a set of network connectivity tools for remote shell login, designed to substitute the traditional...
OpenSSH 2.x/3.x - Kerberos 4 TGT/AFS Token Buffer Overflow
source: https://www.securityfocus.com/bid/4560/info A buffer overflow condition exists in the OpenSSH server. The condition is exploitable by attackers with valid user credentials in versions 2.9.9 and higher. Exploitation does not require valid user credentials in versions prior to 2.9.9. The...