5285 matches found
CVE-2007-2791
Unspecified vulnerability in the Secure Shell SSH in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout...
CVE-2007-2791
CVE-2007-2791 affects HP Tru64 UNIX 5.1B-3 and 5.1B-4. The provided documents describe an unspecified vulnerability in SSH that could allow remote attackers to identify valid users, likely via timing-related vectors such as AuthInteractiveFailureRandomTimeout. Public proof-of-concept material exi...
Solaris 9 (sparc) : 125713-02
NetConnect 3.2.3: srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun: Oct/22/07. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...
Solaris 10 (x86) : 120051-06
SunOS 5.10_x86: usermod patch. Date this patch was last updated by Sun: May/07/07. This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. (C) Tenable Network Security, Inc...
CVE-2007-2765
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ss...
Design/Logic Flaw
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ss...
Remote listeners enumeration (Linux / AIX)
By logging into the remote host with the supplied credentials, Nessus was able to obtain the name of the process listening on the remote port. Note that the method used by this plugin only works for hosts running Linux or AIX.
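Cisco PIX/ASA Devices Multiple Remote Denial-of-Service and Authentication Bypass Vulnerabilities
PIX is a firewall appliance that provides policy enforcement, multi-vector attack protection and secure connectivity services for users and applications; the Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. Multiple remote vulnerabilities exist in Cisco PIX/ASA devices; a remote attacker could exploit them to make the device stop working properly or to bypass authentication. Details are as follows. LDAP authentication bypass: Cisco ASA and PIX devices that use an LDAP AAA server to authenticate terminated L2TP IPSec tunnels or remote management sessions may be affected by an authentication bypass attack; for more information see the following advisory. Layer 2 Tunneling Protocol (L2TP): It is required that the terminating L2TP...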
Enumerate IPv6 Interfaces via SSH
Nessus was able to enumerate the network interfaces configured with IPv6 addresses by connecting to the remote host via SSH using the supplied credentials.
Enumerate IPv4 Interfaces via SSH
Nessus was able to enumerate the network interfaces configured with IPv4 addresses by connecting to the remote host via SSH using the supplied credentials.
Solaris 9 (sparc) : 116837-04
Sun LDAP C SDK 5.19 patch : SunOS sparc. Date this patch was last updated by Sun: Feb/06/09. This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. (C) Tenable Network Security, Inc...
Cisco PIX and ASA authentication bypass vulnerability
Overview: The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. Description: The Cisco Adaptive Security Appliance (ASA) is a firewall that includes routing and...
Solaris 10 (sparc) : 120473-12
SunOS 5.10: libc nss ldap PAM zfs patch. Date this patch was last updated by Sun: Jul/11/07. This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. (C) Tenable Network Security, Inc...
CVE-2007-2063
SSH Tectia Server for IBM z/OS is affected up to version 5.3.x; releases before 5.4.0 use insecure world-writable permissions for (1) the server pid file, enabling local users to stop arbitrary processes, and (2) when _BPX_BATCH_UMASK is missing, HFS files with insecure permissions, allow...
Solaris 10 (sparc) : 125100-10
SunOS 5.10: Kernel Update patch. Date this patch was last updated by Sun: Jun/26/07. This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. (C) Tenable Network Security, Inc...
[SECURITY] Fedora Core 6 Update: openssh-4.3p2-19.fc6
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
NetSieben SSH library SFTP DoS
SFTP file descriptors leak...
GLSA-200703-13 : SSH Communications Security's Secure Shell Server: SFTP privilege escalation
The remote host is affected by the vulnerability described in GLSA-200703-13 (SSH Communications Security's Secure Shell Server: SFTP privilege escalation). The SSH Secure Shell Server contains a format string vulnerability in the SFTP code that handles file transfers (scp2 and sftp2). In some...
CVE-2007-0726
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were...