CVE-2001-1585
- EPSS 1.92%
- Veröffentlicht 31.12.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:56:33
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which al...
CVE-2001-0872
- EPSS 0.87%
- Veröffentlicht 21.12.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:55:08
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
CVE-2001-0816
- EPSS 1.79%
- Veröffentlicht 06.12.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:55:00
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
CVE-2001-1380
- EPSS 2.95%
- Veröffentlicht 18.10.2001 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:56:09
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP add...
- EPSS 7.82%
- Veröffentlicht 27.09.2001 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:56:09
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
CVE-2001-1029
- EPSS 1.37%
- Veröffentlicht 20.09.2001 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:55:26
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying al...
CVE-2001-0572
- EPSS 7.03%
- Veröffentlicht 22.08.2001 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:54:33
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies...
CVE-2001-0529
- EPSS 0.62%
- Veröffentlicht 14.08.2001 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:54:28
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
- EPSS 2.5%
- Veröffentlicht 27.06.2001 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:54:09
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1...
CVE-2001-1459
- EPSS 2.16%
- Veröffentlicht 19.06.2001 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:56:19
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.