The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-08-24
Updated
2022-12-13
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-02-03
Updated
2014-02-21
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Max CVSS
2.6
EPSS Score
12.27%
Published
2008-11-19
Updated
2018-10-11
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
Max CVSS
1.2
EPSS Score
0.04%
Published
2008-07-22
Updated
2017-08-08

CVE-2006-5229

Public exploit
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
Max CVSS
2.6
EPSS Score
1.05%
Published
2006-10-10
Updated
2018-10-17
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
Max CVSS
1.2
EPSS Score
0.07%
Published
2005-08-23
Updated
2017-10-11
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.
Max CVSS
2.1
EPSS Score
0.06%
Published
2004-12-31
Updated
2017-07-11
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP address is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.
Max CVSS
2.1
EPSS Score
0.05%
Published
2002-12-31
Updated
2018-10-30
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
Max CVSS
2.1
EPSS Score
0.06%
Published
2002-07-23
Updated
2016-10-18
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
Max CVSS
1.2
EPSS Score
0.04%
Published
2001-06-02
Updated
2017-12-19
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-09-20
Updated
2017-10-10
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-06-27
Updated
2017-10-10
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
Max CVSS
2.1
EPSS Score
0.07%
Published
1999-09-05
Updated
2017-10-10
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-03-12
Updated
2008-09-10
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
Max CVSS
2.1
EPSS Score
0.04%
Published
1997-09-15
Updated
2017-10-10
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-12-14
Updated
2016-10-18
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
Max CVSS
2.6
EPSS Score
0.17%
Published
1999-02-19
Updated
2008-09-09
Buffer overflow in OpenBSD ping.
Max CVSS
2.1
EPSS Score
0.06%
Published
1999-02-23
Updated
2008-09-09
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
Max CVSS
2.1
EPSS Score
0.06%
Published
1999-02-25
Updated
2008-09-09
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.
Max CVSS
2.6
EPSS Score
0.17%
Published
1999-02-17
Updated
2022-08-17
20 vulnerabilities found