3 matches found
OpenSSH >= 2.3.0 AllowTcpForwarding Port Bouncing
According to its banner, the remote host is running OpenSSH, version 2.3.0 or later. Such versions of OpenSSH allow forwarding TCP connections. If the OpenSSH server is configured to allow anonymous connections e.g. AnonCVS, remote, unauthenticated users could use the host as a proxy. C Tenable,...
CVE-2004-1653
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS...
SSHD / AnonCVS Nastyness
SSHD / AnonCVS Port Bouncing Nastyness Advisory URL: http://pacsec.jp/advisories.html Summary: -------- Sites with default SSHD configs and anonymous CVS or other "public" access are vulnerable to port bounce attacks. Details: -------- SSHD defaults to AllowTcpForwarding "yes" in...