Lucene search
+L

6412 matches found

securityvulns
securityvulns
added 2002/03/09 12:0 a.m.26 views

[PINE-CERT-20020301] OpenSSH off-by-one

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------------- Pine Internet Security Advisory - ----------------------------------------------------------------------------- Advisory ID : PINE-CERT-20020301 Authors : Joost Pol...

7.5AI score
Exploits0
debian
debian
added 2002/03/08 8:35 p.m.14 views

[SECURITY] [DSA 119-1] ssh channel bug

Package: openssh Vulnerability: local root exploit, remote client exploit Debian-specific: no Joost Pol [email protected] reports that OpenSSH versions 2.0 through 3.0.2 have an off-by-one bug in the channel allocation code. This vulnerability can be exploited by authenticated users to gain root...

5.8AI score
Exploits0
slackware
slackware
added 2002/03/07 4:51 p.m.15 views

OpenSSH security problem fixed

New openssh packages are available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Thu Mar 7 12:00:18 PST 2002 patches/packages/openssh.tgz: Upgraded to openssh-3.1p1. This fixes a security problem in the openssh package. All sites...

6.7AI score
Exploits0
exploitpack
exploitpack
added 2002/03/07 12:0 a.m.20 views

OpenSSH 2.x3.0.13.0.2 - Channel Code Off-by-One

OpenSSH 2.x3.0.13.0.2 - Channel Code Off-by-One source: https://www.securityfocus.com/bid/4241/info OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris,...

7.5AI score
Exploits0
exploitdb
exploitdb
added 2002/03/07 12:0 a.m.145 views

OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One

source: https://www.securityfocus.com/bid/4241/info OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris, and other UNIX-like operating systems. A...

7.4AI score
Exploits0
freebsd_advisory
freebsd_advisory
added 2002/03/07 12:0 a.m.19 views

FreeBSD-SA-02:13.openssh

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:13 Security Advisory FreeBSD, Inc. Topic: OpenSSH contains exploitable off-by-one bug Category: core, ports Module: openssh, portsopenssh, openssh-portable Announced:...

10CVSS7.5AI score0.14804EPSS
Exploits0
cert
cert
added 2002/03/07 12:0 a.m.39 views

OpenSSH contains a one-off overflow of an array in the channel handling code

Overview OpenSSH is a program used to provide secure connection and communications between client and servers. Channels are used to segregate differing traffic between the client and the server. Description OpenSSH versions 2.0 - 3.0.2 contain a one-off overflow of an array in the code that handl...

10CVSS9.4AI score0.14804EPSS
Exploits0References3
nessus
nessus
added 2002/03/07 12:0 a.m.209 views

OpenSSH < 3.1 Channel Code Off by One Remote Privilege Escalation

You are running a version of OpenSSH which is older than 3.1. Versions prior than 3.1 are vulnerable to an off by one error that allows local users to gain root access, and it may be possible for remote users to similarly compromise the daemon for remote access. In addition, a vulnerable SSH clie...

10CVSS7.6AI score0.14804EPSS
Exploits0References1
nvd
nvd
added 2001/12/31 5:0 a.m.18 views

CVE-2001-1585

SSH protocol 2 aka SSH-2 public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as...

6.8CVSS6.8AI score0.01924EPSS
Exploits0References4
nvd
nvd
added 2001/12/31 5:0 a.m.21 views

CVE-2001-1507

OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged...

7.5CVSS6.6AI score0.02241EPSS
Exploits0References4
osv
osv
added 2001/12/31 5:0 a.m.6 views

CVE-2001-1507

OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged...

8.1AI score
Exploits0References5
osv
osv
added 2001/12/31 5:0 a.m.4 views

DEBIAN-CVE-2001-1507

OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged...

7.5CVSS9.4AI score0.02241EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2001/12/31 12:0 a.m.10 views

PT-2001-2592 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 3.0.1 Description: The issue concerns improper user authentication when Kerberos V is enabled. This could potentially allow remote attackers to login without being challenged. Recommendations: For versions prior to...

10CVSS8AI score0.99506EPSS
Exploits208References338
ptsecurity
ptsecurity
added 2001/12/31 12:0 a.m.16 views

PT-2001-2669 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH version 2.3.1 Description: The issue concerns the SSH protocol 2 public key authentication in OpenSSH, which does not perform a challenge-response step to verify that the client has the proper private key. This allows remote attackers...

10CVSS8AI score0.99506EPSS
Exploits208References338
nvd
nvd
added 2001/12/21 5:0 a.m.25 views

CVE-2001-0872

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LDPRELOAD, which allows local users to gain root privileges...

7.2CVSS6.5AI score0.00871EPSS
Exploits0References14
nessus
nessus
added 2001/12/10 12:0 a.m.55 views

OpenSSH < 3.0.2 Multiple Vulnerabilities

You are running a version of OpenSSH which is older than 3.0.2. Versions prior than 3.0.2 have the following vulnerabilities : - When the UseLogin feature is enabled, a local user could export environment variables, resulting in command execution as root. The UseLogin feature is disabled by...

7.2CVSS7.8AI score0.01368EPSS
Exploits1References5
packetstorm
packetstorm
added 2001/12/09 12:0 a.m.49 views

UseLogin.txt

-- OpenSSH UseLogin bug proof of concept exploit -- by WaR / http://www.genhex.org -- Intro -- I was very curious in finding out how to exploit this problem. Although I don't think anyone uses this feature, I looked into the matter anyway. Here it goes. It was tested on the following platforms: -...

7.4AI score
Exploits0
cert
cert
added 2001/12/07 12:0 a.m.22 views

OpenSSH fails to properly apply source IP based access control restrictions

Overview OpenSSH is an implementation of the Secure Shell protocol. A user may be able to bypass the IP based access control restriction feature specified in a key when two keys of varying types are specified. Description Versions of OpenSSH between 2.5.x - 2.9.x may fail to enforce the IP based...

6.4AI score
Exploits0References1
cert
cert
added 2001/12/07 12:0 a.m.22 views

OpenSSH does not initialize PAM session thereby allowing PAM restrictions to be bypassed

Overview OpenSSH is an implementation of the Secure Shell SSH protocol. It can be configured to use Linux Pluggable Authentication Modules PAM for added authentication. A vulnerability exists in OpenSSH, and perhaps other implementations of SSH, which can allow to potentially bypass PAM...

7.1AI score
Exploits0References3
nvd
nvd
added 2001/12/06 5:0 a.m.23 views

CVE-2001-0816

OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorizedkeys2 command= restrictions using sftp commands...

7.5CVSS6.3AI score0.01794EPSS
Exploits0References6
Rows per page
Query Builder