70 matches found
CVE-2007-5616
CVE-2007-5616 affects SSH Tectia Client and Server 5.x before 5.2.4 and 5.3.x before 5.3.6 on Unix/Linux. A local user can escalate privileges via the ssh-signer component, with root access reported as the impact. The vulnerability is mitigated by upgrading to SSH Tectia client/server 5.2.4 or 5....
CVE-2007-5616
ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors...
Design/Logic Flaw
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for 1 the server pid file, which allows local users to cause arbitrary processes to be stopped, or 2 when BPXBATCHUMASK is missing from the environment, creates HFS files with insecure permissions, which allows...
CVE-2007-2063
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for 1 the server pid file, which allows local users to cause arbitrary processes to be stopped, or 2 when BPXBATCHUMASK is missing from the environment, creates HFS files with insecure permissions, which allows...
CVE-2007-2063
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for 1 the server pid file, which allows local users to cause arbitrary processes to be stopped, or 2 when BPXBATCHUMASK is missing from the environment, creates HFS files with insecure permissions, which allows...
SSH Tectia Server for IBM z/OS本地权限提升漏洞
SSH Tectia客户端/服务器解决方案是基于Secure Shell技术的多平台点到点通讯安全解决方案,SSH Tectia Server for IBM z/OS是其中的一个产品模块。 SSH Tectia Server安装文件时设置了不安全的访问权限,本地攻击者可能利用此漏洞提升自己的权限。 SSH Tectia Server for IBM z/OS以完全可写的权限创建文件和目录,因此本地用户可以删除、控制或替换某些文件,获得权限提升。 SSH Communications Security SSH Tectia Server for IBM z/OS 5.4.0...
SSH Tectia Manager Agent进程本地特权提升漏洞
SSH Tectia基于SSH技术,集中管理情况下提供 安全的系统管理,安全的文件传输,安全的程序之间的连接。 SSH Tectia Manager下的管理代理程序存在漏洞,本地攻击者可以利用漏洞使用Unix管理代理以ROOT权限起用非特权进程。 只有在如下条件下可触发此问题: - 实际管理的sshd程序已经停止。 - 用户已启动自身的非特权进程两进制调用SSHD。 - 管理代理通过管理服务GUI中的管理服务"Restart"按钮来重新启动sshd服务程序。 - 通过进程列表读取信息,杀掉非特权进程sshd服务器,然后以ROOT权限重启动相同的两进制程序。...
CVE-2006-5484
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents...
CVE-2006-5484
CVE-2006-5484 describes a cryptographic flaw in SSH Tectia Client/Server/Connector (5.1.0 and earlier) and Manager (2.2.0 and earlier), where using an RSA key with exponent 3 causes PKCS#1 padding to be removed before hash generation. This enables remote attackers to forge a PKCS#1 v1.5 signature...
[SA21559] SSH Tectia Management Agent Privilege Escalation
TITLE: SSH Tectia Management Agent Privilege Escalation SECUNIA ADVISORY ID: SA21559 VERIFY ADVISORY: http://secunia.com/advisories/21559/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: SSH Tectia Manager 2.x http://secunia.com/product/11677/ DESCRIPTION: A...
CVE-2006-4315
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Progr...
CVE-2006-4316
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and...
CVE-2006-4316
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and...
CVE-2006-4315
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Progr...
CVE-2006-4315
CVE-2006-4315 describes an unquoted Windows search path vulnerability in multiple SSH Tectia products. Affects: SSH Tectia Client/Server/Connector 5.0.0 and 5.0.1, and Client/Server prior to 4.4.5; Manager 2.12 and earlier. Root cause: unquoted paths under Windows in the application startup chain...
[SA18828] SSH Tectia Server SFTP Service Unspecified Vulnerability
TITLE: SSH Tectia Server SFTP Service Unspecified Vulnerability SECUNIA ADVISORY ID: SA18828 VERIFY ADVISORY: http://secunia.com/advisories/18828/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: SSH Secure Shell for Servers 3.x http://secunia.com/product/808/ SSH...
CVE-2006-0705
CVE-2006-0705 is a format-string vulnerability in SFTP/SSH logging code across multiple servers (e.g., SSH Secure Shell Server variants, and related SFTP servers). The flaw affects the handling of filenames in logs, enabling a remote authenticated user to potentially execute arbitrary commands vi...
SSH Tectia Server SFTP Filename Logging Format String
Binary data 3432.prm...
SSH Tectia Server SFTP Filename Logging Format String
The remote host is running SSH Tectia Server, a commercial SSH server. According to its banner, the installed version of this software contains a format string vulnerability in its sftp subsystem. A remote, authenticated attacker may be able to execute arbitrary code on the affected host subject ...
CVE-2005-4310
Affected product : SSH Tectia Server