7 matches found
PT-2025-15885
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 10.0
Description: The issue arises from the DisableForwarding directive in sshd not following its documentation. Specifically, it does not properly disable X11 and agent forwarding as stated.
Recommendations: For...
DSA-4387-1 openssh - security update
Bulletin has no description...
CVE-2010-5107
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections...
CVE-2006-0225
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...
CVE-2003-0787
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges...
CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
PT-2002-1085
Name of the Vulnerable Software and Affected Versions: OpenSSH versions through 8.7
Description: The issue allows remote attackers to test whether a certain combination of username and public key is known to an SSH server. This occurs because a challenge is sent only when that combination could be...