Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openssh
(Openbsd)| Repositories |
• https://github.com/openbsd/src
• https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 116 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-07-03 | CVE-2002-0640 | Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt). | Openssh | N/A | ||
| 2008-09-18 | CVE-2008-4109 | A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. | Openssh | N/A | ||
| 2003-05-12 | CVE-2003-0190 | OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. | Openssh, Openpkg, Scalance_x204rna_ecc_firmware, Scalance_x204rna_firmware | N/A | ||
| 2002-07-03 | CVE-2002-0639 | Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication. | Openssh | 9.8 | ||
| 2002-03-15 | CVE-2002-0083 | Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. | Linux, Secure_linux, Immunix, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_single_network_firewall, Openssh, Openpkg, Linux, Suse_linux, Secure_linux | 9.8 | ||
| 2005-08-23 | CVE-2005-2666 | SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | Openssh | N/A | ||
| 2010-12-06 | CVE-2010-4478 | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | Openssh | N/A | ||
| 2012-01-27 | CVE-2012-0814 | The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an... | Openssh | N/A | ||
| 2016-08-07 | CVE-2016-6515 | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. | Fedora, Openssh | 7.5 | ||
| 2017-01-05 | CVE-2016-10012 | The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. | Openssh | 7.8 |