Openbsd

Openssh

138 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 37.43%
  • Veröffentlicht 05.01.2017 02:59:03
  • Zuletzt bearbeitet 29.05.2026 21:16:26

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

  • EPSS 4.24%
  • Veröffentlicht 05.01.2017 02:59:03
  • Zuletzt bearbeitet 29.05.2026 21:16:26

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.

  • EPSS 1.1%
  • Veröffentlicht 05.01.2017 02:59:03
  • Zuletzt bearbeitet 29.05.2026 21:16:26

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

  • EPSS 1.28%
  • Veröffentlicht 05.01.2017 02:59:03
  • Zuletzt bearbeitet 29.05.2026 21:16:26

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a san...

  • EPSS 29.46%
  • Veröffentlicht 09.12.2016 11:59:00
  • Zuletzt bearbeitet 29.05.2026 21:16:30

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does ...

  • EPSS 58.57%
  • Veröffentlicht 07.08.2016 21:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

  • EPSS 0.63%
  • Veröffentlicht 01.05.2016 01:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted...

  • EPSS 37.02%
  • Veröffentlicht 22.03.2016 10:59:02
  • Zuletzt bearbeitet 29.05.2026 21:16:29

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_...

  • EPSS 14.34%
  • Veröffentlicht 19.01.2016 05:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

Exploit
  • EPSS 20.37%
  • Veröffentlicht 14.01.2016 22:59:02
  • Zuletzt bearbeitet 29.05.2026 21:16:25

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows r...