Erlang -- Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

[email protected] reports: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protoc...

Advisory ROSA-SA-2025-2675

software: libssh2 1.10.0 OS: ROSA-CHROME packageevrstring: libssh2-1.10.0-3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process...

Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

On December 18th, 2023, researchers from the Ruhr University Bochum published a protocol flaw in the SSH v2 protocol, called Terrapin Attack. The flaw allows removing encrypted SSH messages at the begin of the communication, allowing downgrade of security aspects of SSH connections. This occurs...

CentOS 5 : openssh (CESA-2009:1287)

Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These...

RedHat Security Advisory RHSA-2009:1287

The remote host is missing updates announced in advisory RHSA-2009:1287. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the SSH protocol. An attacker able to perform a...