405 matches found
Amazon Linux AMI : openssh (ALAS-2017-898)
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) It was found that OpenSSH did not limit...
Medium: openssh
Issue Overview: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) It was found that OpenSSH...
An ssh-agent for every domain: SSHecret
If you have an encrypted ssh key for each domain you access (you should), and you keep your unlocked keys in a single ssh-agent (you maybe shouldn’t), AND you’ve ever decided you need to forward your ssh-agent, then you should feel bad. If you forward an ssh-agent with all your unique keys for every...
PuTTY < 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption Vulnerability
Exploit for linux platform in category dos / poc Source: https://www.chiark.greenend.org.uk/sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a security...
PuTTY ssh_agent_channel_data Integer Overflow
Source: https://www.chiark.greenend.org.uk/sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a security vulnerability. difficulty: fun: Just needs tuits, and not...
GLSA-201706-09 : FileZilla: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-201706-09 FileZilla: Buffer overflow FileZilla is affected by the same vulnerability as reported in GLSA 201703-03 because the package included a vulnerable copy of PuTTY. Please read the GLSA for PuTTY referenced below for detail...
PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption
Source: https://www.chiark.greenend.org.uk/sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a security vulnerability. difficulty: fun: Just needs tuits, and not...
PuTTY 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption
PuTTY 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption Source: https://www.chiark.greenend.org.uk/sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a...
BSA-2017-272
Security Advisory ID : BSA-2017-272 Component : OpenSSH Revision : 2.0: Final Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. Affected...
EulerOS 2.0 SP1 : openssh (EulerOS-SA-2017-1055)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11...
EulerOS 2.0 SP2 : openssh (EulerOS-SA-2017-1054)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11...
MGASA-2017-0093 Updated putty packages fix security vulnerability
In PuTTY before 0.68, if SSH agent forwarding is enabled, local attackers that are also able to connect to the UNIX domain socket could have overwritten heap data (CVE-2017-6542)...
CVE-2017-6542
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...
openSUSE Security Update : putty (openSUSE-2017-354)
This update to putty 0.68 fixes the following security issue : - CVE-2017-6542: If SSH agent forwarding is enabled, local attackers that are also able to connect to the UNIX domain socket could have overwritten heap data (boo#1029256)...
FreeBSD : PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections (9b973e97-0a99-11e7-ace7-080027ef73ec)
Simon G. Tatham reports : Many versions of PuTTY prior to 0.68 have a heap-corrupting integer overflow bug in the ssh_agent_channel_data function which processes messages sent by remote SSH clients to a forwarded agent connection. ... This bug is only exploitable at all if you have enabled SSH agent...
openSUSE Security Update : openssh (openSUSE-2017-184)
This update for openssh fixes several issues. These security issues were fixed : - CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests (bsc#1005480). - CVE-2016-10012: The shared memo...
PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections
Simon G. Tatham reports: Many versions of PuTTY prior to 0.68 have a heap-corrupting integer overflow bug in the ssh_agent_channel_data function which processes messages sent by remote SSH clients to a forwarded agent connection. ... This bug is only exploitable at all if you have enabled SSH agent...
FreeBSD -- OpenSSH multiple vulnerabilities
Problem Description: The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. (CVE-2016-10009) When privilege separation is disabled, forwarded Unix domain sockets would be created by...
OpenSSH 7.x < 7.4 Multiple Vulnerabilities
Design/Logic Flaw
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket...