Openssh@3.3 Security Vulnerabilities and Issues — Openssh@3.3 CVE List

Lucene search

OpenbsdOpenssh3.3

17 matches found

CVE•added 2010/12/06 10:30 p.m.•13333 views

CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a re...

7.5CVSS5.3AI score0.02108EPSS

CVE•added 2013/03/07 8:55 p.m.•4692 views

CVE-2010-5107

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

5CVSS4.8AI score0.03186EPSS

CVE•added 2012/04/05 2:55 p.m.•2787 views

CVE-2011-5000

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in whic...

3.5CVSS4.7AI score0.01114EPSS

CVE•added 2012/01/27 7:55 p.m.•2579 views

CVE-2012-0814

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accou...

3.5CVSS4.7AI score0.01271EPSS

CVE•added 2014/02/03 3:55 a.m.•2506 views

CVE-2011-4327

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.

2.1CVSS5.7AI score0.00104EPSS

CVE•added 2011/03/02 8:0 p.m.•1708 views

CVE-2010-4755

The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted gl...

4CVSS5AI score0.25067EPSS

CVE•added 2006/09/27 1:7 a.m.•1405 views

CVE-2006-4924

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

7.8CVSS7.7AI score0.46437EPSS

CVE•added 2008/07/22 4:41 p.m.•1092 views

CVE-2008-3259

OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.

1.2CVSS8.7AI score0.00028EPSS

CVE•added 2007/04/25 4:19 p.m.•736 views

CVE-2007-2243

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

5CVSS9.4AI score0.01471EPSS

CVE•added 2003/04/02 5:0 a.m.•706 views

CVE-2002-0640

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).

10CVSS9.8AI score0.52741EPSS

CVE•added 2006/09/27 11:7 p.m.•506 views

CVE-2006-5052

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

5CVSS7.7AI score0.1601EPSS

CVE•added 2008/09/18 3:4 p.m.•460 views

CVE-2008-4109

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slo...

5CVSS7.8AI score0.02401EPSS

CVE•added 2008/08/04 10:0 a.m.•187 views

CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password st...

7.6CVSS6.7AI score0.14685EPSS

CVE•added 2006/01/25 11:3 a.m.•163 views

CVE-2006-0225

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

4.6CVSS9.2AI score0.00088EPSS

CVE•added 2005/09/06 5:3 p.m.•138 views

CVE-2005-2798

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

5CVSS9.2AI score0.03977EPSS

CVE•added 2005/08/23 4:0 a.m.•122 views

CVE-2005-2666

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely...

1.2CVSS9.5AI score0.00146EPSS

CVE•added 2004/08/18 4:0 a.m.•69 views

CVE-2004-0175

Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.

4.3CVSS9.4AI score0.02826EPSS