400 matches found
CVE-2002-1359
CVE-2002-1359 involves a buffer overflow in multiple SSH2 implementations, notably the PuTTY SSH client (affected versions: <= 0.53). The issue arises when handling large packets/fields during SSH, as demonstrated by the SSHredder test suite, potentially enabling remote code execution or a den...
Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization
Overview Secure shell SSH transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. A remote attacker could execute arbitrary code with the privileges of the SSH...
SSH Protocol Version 1 Session Key Retrieval
The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10882; scriptversion"1.37";...
SSH Protocol Versions Supported
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon. TRUSTED...
CVE-2001-1585
SSH protocol 2 aka SSH-2 public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as...
OpenSSH does not initialize PAM session thereby allowing PAM restrictions to be bypassed
Overview OpenSSH is an implementation of the Secure Shell SSH protocol. It can be configured to use Linux Pluggable Authentication Modules PAM for added authentication. A vulnerability exists in OpenSSH, and perhaps other implementations of SSH, which can allow to potentially bypass PAM...
OpenSSH Security Advisory (adv.option)
Weakness in OpenSSH's source IP based access control for SSH protocol v2 public key authentication. 1. Systems affected: Versions of OpenSSH between 2.5.x and 2.9.x using the 'from=' key file option in combination with both RSA and DSA keys in /.ssh/authorizedkeys2. 2. Description: Depending on t...
CVE-2001-0572
The SSH protocols 1 and 2 aka SSH-2 as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: 1 password lengths or ranges of lengths, which simplifies brute force password guessing, 2 whether RSA or DS...
CVE-2001-0572
CVE-2001-0572 concerns the SSH protocols 1 and 2 as implemented in OpenSSH and other packages. The connected documents confirm concrete details: the issue enables a remote attacker to sniff and disclose information such as password lengths, the authentication method (RSA/DSA), the number of autho...
PT-2001-1770 · Openssh +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH affected versions not specified Description: The SSH protocols 1 and 2 as implemented in OpenSSH have various weaknesses that can allow a remote attacker to obtain sensitive information via sniffing. This includes password lengths or...
Security Advisory: Multiple SSH vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Security Advisory: Multiple SSH vulnerabilities Revision 1.0 - INTERIM For public release 2001 June 27 08:00 UTC -0800 Summary Three different Cisco product lines are susceptible to multiple vulnerabilities in the Secure Shell SSH protocol. These issues are...
SSH 1.2.x - CRC-32 Compensation Attack Detector
SSH 1.2.x - CRC-32 Compensation Attack Detector // source: https://www.securityfocus.com/bid/2347/info Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An...
SSH 1.2.30 - Daemon Logging Failure
SSH 1.2.30 - Daemon Logging Failure source: https://www.securityfocus.com/bid/2345/info SSH1 is the implementation of the Secure Shell communication protocol by SSH Communications. SSH1 is version 1 of the protocol specified by IETF draft to protect the integrity of traffic over the network. A...
Weak CRC allows last block of IDEA-encrypted SSH packet to be changed without notice
Overview There is an information integrity vulnerability in the SSH1 protocol that allows the last block of an IDEA-encrypted session to be modified without notice. Description Preconditions: Session is encrypted using IDEA cipher. Compression is disabled. SSH clients configured to use the IDEA...
SSH 1.2.x - Secure-RPC Weak Encrypted Authentication
// source: https://www.securityfocus.com/bid/2222/info SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A problem exists which could allow the discovery of the...
DoS против Cisco Catalyst (SSH Protocol Mismatch)
Подключение к ssh порту по не-ssh протоколу приводит к отказу коммутатора...
Cisco Catalyst SSH Protocol Mismatch Vulnerability
...
Cisco Catalyst 400050006000 6.1 - SSH Protocol Mismatch Denial of Service
Cisco Catalyst 400050006000 6.1 - SSH Protocol Mismatch Denial of Service source: https://www.securityfocus.com/bid/2117/info Software versions 6.11, 6.11a and 6.11b for Catalyst 4000, 5000, and 6000 devices that support SSH and 3 DES encryption contain a vulnerability that may allow an attacker ...
CVE-2000-0143
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP...
CVE-2000-0143
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP...