Openbsd

Openssh

126 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2003-0386

Exploit
  • EPSS 9.64%
  • Veröffentlicht 02.07.2003 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse...

5

CVE-2003-0190

Exploit
  • EPSS 20.58%
  • Veröffentlicht 12.05.2003 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

7.5

CVE-2002-0765

  • EPSS 0.6%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.

10

CVE-2002-0639

Exploit
  • EPSS 33.71%
  • Veröffentlicht 03.07.2002 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

10

CVE-2002-0640

  • EPSS 66.96%
  • Veröffentlicht 03.07.2002 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authenticat...

7.5

CVE-2002-0575

Exploit
  • EPSS 3.45%
  • Veröffentlicht 18.06.2002 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

10

CVE-2002-0083

  • EPSS 1.77%
  • Veröffentlicht 15.03.2002 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

7.5

CVE-2001-1507

  • EPSS 1.05%
  • Veröffentlicht 31.12.2001 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.

6.8

CVE-2001-1585

  • EPSS 0.35%
  • Veröffentlicht 31.12.2001 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which al...

7.2

CVE-2001-0872

  • EPSS 0.18%
  • Veröffentlicht 21.12.2001 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.