Openssh@5.5 Security Vulnerabilities and Issues — Openssh@5.5 CVE List

Lucene search

OpenbsdOpenssh5.5

8 matches found

CVE•added 2010/12/06 10:30 p.m.•13334 views

CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a re...

7.5CVSS5.3AI score0.02108EPSS

CVE•added 2013/03/07 8:55 p.m.•4692 views

CVE-2010-5107

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

5CVSS4.8AI score0.03186EPSS

CVE•added 2016/01/14 10:59 p.m.•3151 views

CVE-2016-0777

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

6.5CVSS6.4AI score0.66391EPSS

CVE•added 2012/04/05 2:55 p.m.•2787 views

CVE-2011-5000

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in whic...

3.5CVSS4.7AI score0.01114EPSS

CVE•added 2012/01/27 7:55 p.m.•2580 views

CVE-2012-0814

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accou...

3.5CVSS4.7AI score0.01271EPSS

CVE•added 2014/02/03 3:55 a.m.•2506 views

CVE-2011-4327

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.

2.1CVSS5.7AI score0.00104EPSS

CVE•added 2016/01/14 10:59 p.m.•1906 views

CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-...

8.1CVSS7.3AI score0.03251EPSS

CVE•added 2011/03/02 8:0 p.m.•1708 views

CVE-2010-4755

The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted gl...

4CVSS5AI score0.25067EPSS