405 matches found
CVE-2021-28041
A double-free memory corruption flaw was found in OpenSSH 8.2, more specifically in ssh-agent application. This flaw allows an attacker with access to the agent socket to forward an agent either to an account shared with a malicious user or to a host with an attacker holding root access. The...
packetStrider - A Network Packet Forensics Tool For SSH
packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of information previously lay in the dark. The problem that packet strider aims to help with AKA Why?...
CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...
DEBIAN-CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...
CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...
ALPINE-CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...
CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...
UBUNTU-CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...
CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...
CVE-2021-28041
The CVE refers to OpenSSH ssh-agent before 8.5, where a double-free vulnerability may be triggered in rare scenarios (unconstrained agent-socket access on legacy OS or forwarding to an attacker-controlled host). Affected component: ssh-agent in OpenSSH prior to 8.5. Root cause: double free descri...
CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...
CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...
Vulnerability fixed in OpenSSH
A vulnerability has been fixed in OpenSSH. The vulnerability allows a malicious party with access to the SSH agent socket to cause a Denial-of-Service and potentially execute arbitrary code. execute. No CVE attribute has been reserved for this vulnerability yet. The developers of OpenSSH have...
OpenSSH -- Double-free memory corruption in ssh-agent
OpenBSD Project reports: ssh-agent1: fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket. On modern operating systems where the OS can provid...
PT-2021-2469
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 8.5 Description The issue is related to a double free in ssh-agent, which may be relevant in less-common scenarios such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent ...
CVE-2019-16905
A Denial of service flaw was found in the way OpenSSH parsed certain specially crafted XMSS eXtended Merkle Signature Scheme private keys. Any OpenSSH functionality which parses private keys is vulnerable, for example: 1. If ‘sshd’ daemon is configured to use an XMSS host key that is malformed, i...
CVE-2018-1999036
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log...
CVE-2018-1999036
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log...
CVE-2018-1999036
CVE-2018-1999036 affects Jenkins SSH Agent Plugin 1.15 and earlier, where SSHAgentStepExecution.java logs the ssh-add command, exposing the SSH private key password to users who can read the build log. The issue’s root cause is sensitive information disclosure via build-log logging. Remediation i...
Fedora 27 : 1:xrdp (2017-1c73749b66)
Security fixes - Fix local denial of service CVE-2017-16927 958 979 fix already in 0.9.4-2 New features - Add a new log level TRACE more verbose than DEBUG 835 944 - SSH agent forwarding via RDP 867 868 FreeRDP/FreeRDP4122 - Support horizontal wheel properly 928 Bug fixes - Avoid use of hard-code...