Debian: Security Advisory (DSA-3487-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 23 : libssh2-1.6.0-4.fc23 (2016-215a2219b1)

During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than...

[SECURITY] [DSA 3487-1] libssh2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3487-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 23, 2016 https://www.debian.org/security/faq -...

Cisco Aironet SSHv2处理拒绝服务漏洞

No description provided by source...

Code injection

Cisco Aironet 1800 devices with software 8.1131.0 allow remote attackers to cause a denial of service CPU consumption by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374...

CVE-2015-6367

The CVE pertains to Cisco Aironet 1800 Series Access Points running 8.1(131.0) where the SSHv2 handling can be abused by establishing a high number of connections, causing high CPU utilization and a denial of service. The root cause is improper handling of incoming SSHv2 connections that do not c...

CVE-2015-6367

Cisco Aironet 1800 devices with software 8.1131.0 allow remote attackers to cause a denial of service CPU consumption by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374...

Cisco Aironet 1800 Series Access Point SSHv2 Denial of Service Vulnerability

A vulnerability in the Secure Shell Version 2 SSHv2 protocol of Cisco Aironet 1800 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high CPU utilization and an accumulation of SSHv2 connections. The vulnerability is due to...

Cisco IOS XE SSHv2 RSA-Based User Authentication Bypass (CSCus73013)

The remote Cisco IOS XE device is missing a vendor-supplied security patch, and is configured for SSHv2 RSA-based user authentication. It is, therefore, affected by a flaw in the SSHv2 protocol implementation of the public key authentication method. An unauthenticated, remote attacker can exploit...

Cisco IOS SSHv2 RSA-Based User Authentication Bypass (CSCus73013)

The remote Cisco IOS device is missing a vendor-supplied security patch, and is configured for SSHv2 RSA-based user authentication. It is, therefore, affected by a flaw in the SSHv2 protocol implementation of the public key authentication method. An unauthenticated, remote attacker can exploit...

CVE-2015-6280

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote...

Authentication flaw

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote...

CVE-2015-6280

Cisco IOS/IOS XE SSHv2 RSA-based user authentication bypass (CVE-2015-6280) allows an unauthenticated, remote attacker who knows a valid RSA username and public key to bypass authentication and log in with the user’s privileges, potentially gaining admin access depending on VTY/user configuration...

CVE-2015-6280

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote...

Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability

A vulnerability in the SSH version 2 SSHv2 protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configure...

Medusa - Speedy, Parallel and Modular Login Brute-Forcer

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-for...

Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability Advisory ID: cisco-sa-20120328-ssh Revision 1.0 For Public Release 2012 March 28 16:00 UTC GMT...

Cisco IOS Software Reverse SSH Denial of Service Vulnerability (cisco-sa-20120328-ssh)

The Secure Shell SSH server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service DoS vulnerability in the SSH version 2 SSHv2 feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted...

CVE-2012-0386

The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service device reload via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064...

Code injection

The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service device reload via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064...