24 matches found
[SECURITY] [DSA 5586-1] openssh security update
Debian Security Advisory DSA-5586-1 https://www.debian.org/security/ Salvatore Bonaccorso December 22, 2023 https://www.debian.org/security/faq -...
Ubuntu: Security Advisory (USN-6560-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6560-1: OpenSSH vulnerabilities
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...
FreeBSD : FreeBSD -- ssh-add does not honor per-hop destination constraints (e31a8f8e-47bf-11ee-8e38-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e31a8f8e-47bf-11ee-8e38-002590c1f29c advisory. - ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destinati...
GLSA-202307-01 : OpenSSH: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202307-01 OpenSSH: Remote Code Execution - OpenSSH server sshd 9.1 introduced a double-free vulnerability during options.kexalgorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated...
FreeBSD -- ssh-add does not honor per-hop destination constraints
Problem Description: When using ssh-add(1) to add smartcard keys to ssh-agent(1) with per-hop destination constraints, a logic error prevented the constraints from being sent to the agent, resulting in keys being added to the agent without constraints. Impact: A malicious server could leverage the key...
Privilege Escalation
openssh is vulnerable to Privilege Escalation. The vulnerability arises from the library adding smartcard keys to ssh-agent without enforcing the intended per-hop destination constraints. This can result in unauthorized access to the system and the potential disclosure of sensitive information...
K000133517: OpenSSH vulnerability CVE-2023-28531
Security Advisory Description: ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. (CVE-2023-28531) Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
OpenSSH < 9.3 Multiple Vulnerabilities
The version of OpenSSH installed on the remote host is prior to 9.3. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.3 advisory. - ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9,...
SUSE CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
CVE-2023-28531
A vulnerability was found in openssh. This issue occurs when adding smartcard keys to ssh-agent(1) with per-hop destination constraints. A logic error prevented the constraints from being communicated to the agent, resulting in the keys being added without constraints. The common cases of...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling such that ssh-add method adds smartcard keys to ssh-agent without the intended per-hop destination constraints. Remediation: A fix was pushed into the master branch but not yet...
CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
AZL-25662 CVE-2023-28531 affecting package openssh for versions less than 8.9p1-5
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
ALPINE-CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
DEBIAN-CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
Code injection
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...