Vendor Dictionary: OpenSSH

OpenSSH

Short Name:	OpenSSH
Previous Names:	[None Entered]
URL:	http://www.openssh.org/ [visit link]
Email:	opensshopenssh.com
Security URL:	http://www.openssh.org/security.html [visit link]
Security Email:	opensshopenssh.com
Knowledge Base:	[None Entered]
Notes:	[No Notes]
Full Details...

Vulnerabilities by Vendor Product

OpenSSH

OpenSSH

OpenSSH (portable): 1.x; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 2.1x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 2.2x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 2.3x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 2.5x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 2.9x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 3.0x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 3.1x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 3.2x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 3.3x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 3.4x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 3.5x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 3.6.1p1; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; OSVDB ID: 2140 OpenSSH w/ PAM Username Validity Timing Attack; 3.7.1p1; OSVDB ID: 6071 OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation; OSVDB ID: 6072 OpenSSH PAM Conversation Function Stack Modification; 3.7p1; OSVDB ID: 6071 OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation; OSVDB ID: 6072 OpenSSH PAM Conversation Function Stack Modification; 1.2x; OSVDB ID: 4536 OpenSSH Portable AIX linker Privilege Escalation; 3.6.1 p2; OSVDB ID: 16567 OpenSSH Privilege Separation LoginGraceTime DoS; 3.7.1 p2; OSVDB ID: 16567 OpenSSH Privilege Separation LoginGraceTime DoS; 4.3p1; OSVDB ID: 29152 OpenSSH Identical Block Packet DoS; 3.2.2p1; OSVDB ID: 53021 OpenSSH on ftp.openbsd.org Trojaned Distribution; 3.4p1; OSVDB ID: 53021 OpenSSH on ftp.openbsd.org Trojaned Distribution; 3.4; OSVDB ID: 53021 OpenSSH on ftp.openbsd.org Trojaned Distribution

SSH: 1.2.3; OSVDB ID: 2116 PKCS 1 Version 1.5 Session Key Retrieval (Bleichenbacher Attack); 2.1; OSVDB ID: 2116 PKCS 1 Version 1.5 Session Key Retrieval (Bleichenbacher Attack); 2.1.1; OSVDB ID: 2116 PKCS 1 Version 1.5 Session Key Retrieval (Bleichenbacher Attack)

OpenSSH Portable: 4.1p1; OSVDB ID: 19142 OpenSSH Multiple X11 Channel Forwarding Leaks; OSVDB ID: 19141 OpenSSH GSSAPIAuthentication Credential Escalation; 3.8.1p1; OSVDB ID: 23797 OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS; 4.3p2; OSVDB ID: 29494 OpenSSH packet.c Invalid Protocol Sequence Remote DoS

OpenSSH: 1.2.3; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 1853 OpenSSH Symbolic Link 'cookies' File Removal; OSVDB ID: 5408 OpenSSH echo simulation Information Disclosure; OSVDB ID: 5536 OpenSSH sftp-server Restricted Keypair Restriction Bypass; OSVDB ID: 6248 Multiple SSH Client ssh-agent Forwarding Information Disclosure; OSVDB ID: 2114 Multiple SSH Client X11 Forwarding Information Disclosure; OSVDB ID: 341 OpenSSH UseLogin Local Privilege Escalation; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 2.1.0; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 1853 OpenSSH Symbolic Link 'cookies' File Removal; OSVDB ID: 5408 OpenSSH echo simulation Information Disclosure; OSVDB ID: 5536 OpenSSH sftp-server Restricted Keypair Restriction Bypass; OSVDB ID: 6248 Multiple SSH Client ssh-agent Forwarding Information Disclosure; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 2114 Multiple SSH Client X11 Forwarding Information Disclosure; OSVDB ID: 341 OpenSSH UseLogin Local Privilege Escalation; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 1.x; OSVDB ID: 6601 OpenSSH *realloc() Unspecified Memory Errors; OSVDB ID: 795 Multiple Vendor SSH CRC-32 detect_attack() Function Overflow; 2.0.x; OSVDB ID: 795 Multiple Vendor SSH CRC-32 detect_attack() Function Overflow; 2.1.x; OSVDB ID: 795 Multiple Vendor SSH CRC-32 detect_attack() Function Overflow; 2.2.x; OSVDB ID: 795 Multiple Vendor SSH CRC-32 detect_attack() Function Overflow; 2.3.1; OSVDB ID: 504 OpenSSH SSHv2 Public Key Authentication Bypass; OSVDB ID: 839 OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow; 2.5.0; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 1853 OpenSSH Symbolic Link 'cookies' File Removal; OSVDB ID: 5408 OpenSSH echo simulation Information Disclosure; OSVDB ID: 5536 OpenSSH sftp-server Restricted Keypair Restriction Bypass; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 642 OpenSSH Multiple Key Type ACL Bypass; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 2.5.1; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 1853 OpenSSH Symbolic Link 'cookies' File Removal; OSVDB ID: 5408 OpenSSH echo simulation Information Disclosure; OSVDB ID: 5536 OpenSSH sftp-server Restricted Keypair Restriction Bypass; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 642 OpenSSH Multiple Key Type ACL Bypass; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 2.5.2; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 1853 OpenSSH Symbolic Link 'cookies' File Removal; OSVDB ID: 5408 OpenSSH echo simulation Information Disclosure; OSVDB ID: 5536 OpenSSH sftp-server Restricted Keypair Restriction Bypass; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 642 OpenSSH Multiple Key Type ACL Bypass; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 2.9; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 1853 OpenSSH Symbolic Link 'cookies' File Removal; OSVDB ID: 5408 OpenSSH echo simulation Information Disclosure; OSVDB ID: 5536 OpenSSH sftp-server Restricted Keypair Restriction Bypass; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 642 OpenSSH Multiple Key Type ACL Bypass; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 2.1.1; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 1853 OpenSSH Symbolic Link 'cookies' File Removal; OSVDB ID: 5408 OpenSSH echo simulation Information Disclosure; OSVDB ID: 5536 OpenSSH sftp-server Restricted Keypair Restriction Bypass; OSVDB ID: 6248 Multiple SSH Client ssh-agent Forwarding Information Disclosure; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 2114 Multiple SSH Client X11 Forwarding Information Disclosure; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 2.2.0; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 1853 OpenSSH Symbolic Link 'cookies' File Removal; OSVDB ID: 5408 OpenSSH echo simulation Information Disclosure; OSVDB ID: 5536 OpenSSH sftp-server Restricted Keypair Restriction Bypass; OSVDB ID: 6248 Multiple SSH Client ssh-agent Forwarding Information Disclosure; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 2114 Multiple SSH Client X11 Forwarding Information Disclosure; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 2.3.0; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 1853 OpenSSH Symbolic Link 'cookies' File Removal; OSVDB ID: 5408 OpenSSH echo simulation Information Disclosure; OSVDB ID: 5536 OpenSSH sftp-server Restricted Keypair Restriction Bypass; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 2.9.9; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 5408 OpenSSH echo simulation Information Disclosure; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 3.0; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; OSVDB ID: 6245 OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 3.0.1; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; OSVDB ID: 6245 OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; OSVDB ID: 688 OpenSSH UseLogin Environment Variable Local Command Execution; 3.0.2; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; OSVDB ID: 6245 OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow; OSVDB ID: 730 OpenSSH Channel Code Off by One Remote Privilege Escalation; 3.1; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; OSVDB ID: 6245 OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow; OSVDB ID: 6601 OpenSSH *realloc() Unspecified Memory Errors; 3.2.0; OSVDB ID: 781 OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow; 2.5x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; OSVDB ID: 839 OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow; 2.9x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; OSVDB ID: 839 OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow; 3.0x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; OSVDB ID: 839 OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow; 3.1x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; OSVDB ID: 839 OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow; 3.2x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; OSVDB ID: 839 OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow; 3.3x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; OSVDB ID: 839 OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow; 1.2x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; 2.1x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; 2.2x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; 2.3x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; 3.4x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; 3.5x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; 3.6.1; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; OSVDB ID: 2109 OpenSSH sshd Root Login Timing Side-Channel Weakness; 3.0 p1; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; 3.0.1 p1; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; 3.0.2 p1; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; 3.1p1; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; 3.2; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; 3.2.3 p1; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; 3.3; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; OSVDB ID: 6601 OpenSSH *realloc() Unspecified Memory Errors; 3.3 p1; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; 3.4; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; OSVDB ID: 6601 OpenSSH *realloc() Unspecified Memory Errors; 3.4p1; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; 3.5; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; OSVDB ID: 6601 OpenSSH *realloc() Unspecified Memory Errors; 3.6.1 p2; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; 3.6.1p1; OSVDB ID: 2112 OpenSSH Reverse DNS Lookup Bypass; 3.6; OSVDB ID: 2557 OpenSSH Multiple Buffer Management Multiple Overflows; 3.7; OSVDB ID: 2557 OpenSSH Multiple Buffer Management Multiple Overflows; 3.6x; OSVDB ID: 3456 OpenSSH buffer_append_space() Heap Corruption; any that depend on OpenSSL 0.9.4 and prior; OSVDB ID: 3938 OpenSSL and OpenSSH /dev/random Check Failure; 3.2.1; OSVDB ID: 6245 OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow; 3.2.2; OSVDB ID: 6245 OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow; 3.2.3; OSVDB ID: 6245 OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow; 2.x; OSVDB ID: 6601 OpenSSH *realloc() Unspecified Memory Errors; 3.0.x; OSVDB ID: 6601 OpenSSH *realloc() Unspecified Memory Errors; 3.2.x; OSVDB ID: 6601 OpenSSH *realloc() Unspecified Memory Errors; 3.6.x; OSVDB ID: 6601 OpenSSH *realloc() Unspecified Memory Errors; 3.7.0; OSVDB ID: 6601 OpenSSH *realloc() Unspecified Memory Errors; 4.3; OSVDB ID: 29266 OpenSSH GSSAPI Authentication Abort Username Enumeration; OSVDB ID: 29264 OpenSSH Signal Handler Pre-authentication Race Condition Code Execution; OSVDB ID: 29152 OpenSSH Identical Block Packet DoS

OpenSSH (native): 1.2.3; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 2.1.0; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 2.1.1; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 2.2.0; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 2.3.0; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 2.5.0; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 2.5.1; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 2.5.2; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 2.9; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 2.9.9; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 3.0; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 3.0.1; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 3.0.2; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 3.1; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass; 3.2.2; OSVDB ID: 5113 OpenSSH YP Netgroups Authentication Bypass

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.