Openbsd

Openssh

138 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 28.6%
  • Veröffentlicht 18.09.2008 15:04:27
  • Zuletzt bearbeitet 16.06.2026 22:57:11

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attac...

  • EPSS 2.67%
  • Veröffentlicht 27.08.2008 20:41:00
  • Zuletzt bearbeitet 16.06.2026 22:56:39

Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact....

  • EPSS 0.33%
  • Veröffentlicht 22.07.2008 16:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:29

OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the ...

Exploit
  • EPSS 5.77%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:26

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

  • EPSS 2.22%
  • Veröffentlicht 02.04.2008 18:44:00
  • Zuletzt bearbeitet 16.06.2026 22:52:11

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

  • EPSS 0.35%
  • Veröffentlicht 24.03.2008 23:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:49

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and ...

  • EPSS 2.34%
  • Veröffentlicht 18.10.2007 20:17:00
  • Zuletzt bearbeitet 16.06.2026 22:41:04

Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of the...

  • EPSS 2.37%
  • Veröffentlicht 12.09.2007 01:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:42

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...

  • EPSS 1.96%
  • Veröffentlicht 04.09.2007 22:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:30

Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via...

  • EPSS 8.65%
  • Veröffentlicht 21.05.2007 20:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:16

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwor...