Openbsd

Openssh

138 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.61%
  • Veröffentlicht 06.10.2003 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:02:39

Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a differe...

  • EPSS 9.89%
  • Veröffentlicht 22.09.2003 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:02:39

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CV...

Exploit
  • EPSS 5.77%
  • Veröffentlicht 02.07.2003 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:02:06

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse...

Exploit
  • EPSS 76.75%
  • Veröffentlicht 12.05.2003 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:43

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

  • EPSS 1.28%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:58:05

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.

Exploit
  • EPSS 18.43%
  • Veröffentlicht 03.07.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:50

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

  • EPSS 27.32%
  • Veröffentlicht 03.07.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:50

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authenticat...

Exploit
  • EPSS 4.21%
  • Veröffentlicht 18.06.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:42

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

  • EPSS 14.8%
  • Veröffentlicht 15.03.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:56:44

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

  • EPSS 2.24%
  • Veröffentlicht 31.12.2001 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:56:24

OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.