Fedora: Security Advisory for trilead-ssh2 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: trilead-ssh2-217.21-13.fc40

Trilead SSH-2 for Java is a library which implements the SSH-2 protocol in pu re Java tested on J2SE 1.4.2 and 5.0. It allows one to connect to SSH servers from within Java programs. It supports SSH sessions remote command execution and shell access, local and remote port forwarding, local stream...

SLOTH Collisions Attacks Against SHA-1, MD5 in TLS, IKE, SSH

If you’re hanging on to the theory that collision attacks against SHA-1 and MD5 aren’t yet practical, two researchers from INRIA, the French Institute for Research in Computer Science and Automation, have demonstrated new attacks that raise the urgency to move away from these broken cryptographic...

CVE-2015-2157

The 1 ssh2loaduserkey and 2 ssh2saveuserkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory...

CVE-2015-2157

The 1 ssh2loaduserkey and 2 ssh2saveuserkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory...

CVE-2015-2157

The 1 ssh2loaduserkey and 2 ssh2saveuserkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory...

Updated putty and filezilla packages fix CVE-2015-2157

Updated putty and filezilla packages fix security vulnerability: PuTTY suite versions 0.51 to 0.63 fail to clear SSH-2 private key information from memory when loading and saving key files to disk, leading to potential disclosure. The issue affects keys stored on disk in encrypted and unencrypted...

PuTTY < 0.64 Multiple Information Disclosure Vulnerabilities

The remote host has a version of PuTTY installed that is prior to 0.64. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to a failure to clear SSH-2 private key information from the memory during the saving or loading of key files to...

FreeBSD : PuTTY -- Four security holes in versions before 0.63 (4b448a96-ff73-11e2-b28d-080027ef73ec)

Simon Tatham reports : This 0.63 release fixes multiple security holes in previous versions of PuTTY, which can allow an SSH-2 server to make PuTTY overrun or underrun buffers and crash. ... These vulnerabilities can be triggered before host key verification, which means that you are not even saf...

PuTTY -- Four security holes in versions before 0.63

Simon Tatham reports: This 0.63 release fixes multiple security holes in previous versions of PuTTY, which can allow an SSH-2 server to make PuTTY overrun or underrun buffers and crash. ... These vulnerabilities can be triggered before host key verification, which means that you are not even safe...

Fedora Update for dropbear FEDORA-2012-10934

Check for the Version of dropbear OpenVAS Vulnerability Test Fedora Update for dropbear FEDORA-2012-10934 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

FreeBSD : PuTTY -- Password vulnerability (bbd5f486-24f1-11e1-95bc-080027ef73ec)

Simon Tatham reports : PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61. If you log in using SSH-2 keyboard-interactive authentication which is the usual method used by modern servers to request a password, the password you type was accidentally kept in PuTTY's memory for the rest...

PuTTY -- Password vulnerability

Simon Tatham reports: PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61. If you log in using SSH-2 keyboard-interactive authentication which is the usual method used by modern servers to request a password, the password you type was accidentally kept in PuTTY's memory for the rest ...

Deprecated SSH-1 Protocol Detection

The host is running SSH and is providing / accepting one or more deprecated versions of the SSH protocol which have known cryptographic flaws. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVE-2001-1585

SSH protocol 2 aka SSH-2 public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as...

CVE-2001-1585

SSH protocol 2 aka SSH-2 public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as...

CVE-2001-1585

CVE-2001-1585: OpenSSH 2.3.1 development snapshot (2001-01-18 to 2001-02-08) exposes a flaw in SSH protocol 2 public key authentication: it does not perform a challenge–response step to verify the client’s private key, allowing remote attackers to bypass authentication by using a public key from ...

CVE-2005-1020

Secure Shell SSH 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service device reload 1 via a username that contains a domain name when using a TACACS+ server to authenticate, 2 when a new SSH session is in the login phase and a currently logged in user issues a sen...

CVE-2005-1020

Secure Shell SSH 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service device reload 1 via a username that contains a domain name when using a TACACS+ server to authenticate, 2 when a new SSH session is in the login phase and a currently logged in user issues a sen...