Openssh Security Vulnerabilities and Issues — Openssh CVE List

Lucene search

OpenbsdOpenssh

9 matches found

CVE•added 2008/08/27 8:41 p.m.•2824 views

CVE-2008-3844

Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not dist...

9.3CVSS6.1AI score0.02091EPSS

CVE•added 2008/07/22 4:41 p.m.•1087 views

CVE-2008-3259

OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.

1.2CVSS8.7AI score0.00028EPSS

CVE•added 2008/04/02 6:44 p.m.•1009 views

CVE-2008-1657

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

6.5CVSS6.5AI score0.00201EPSS

CVE•added 2008/11/19 5:30 p.m.•725 views

CVE-2008-5161

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; ...

2.6CVSS6.2AI score0.038EPSS

CVE•added 2008/09/18 3:4 p.m.•460 views

CVE-2008-4109

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slo...

5CVSS7.8AI score0.02437EPSS

CVE•added 2008/03/24 11:44 p.m.•197 views

CVE-2008-1483

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.

6.9CVSS5.8AI score0.00135EPSS

CVE•added 2008/08/04 10:0 a.m.•182 views

CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password st...

7.6CVSS6.7AI score0.14685EPSS

CVE•added 2008/08/04 10:0 a.m.•129 views

CVE-2004-2760

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observ...

6.8CVSS6.6AI score0.14685EPSS

CVE•added 2008/07/18 4:41 p.m.•53 views

CVE-2008-3234

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

6.5CVSS8.9AI score0.02789EPSS