Download
| Alert*
oval:org.secpod.oval:def:1600882
Improper write operations in readonly mode allow for zero-length file creationThe process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:1800844 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:204785 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Improper write operations in readonly mode allow for zero-length file creation For mor ... oval:org.secpod.oval:def:1800034 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:1800850 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:205183 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: User enumeration via malformed packets in authentication requests For more details abo ... oval:org.secpod.oval:def:1502485 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502640 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: User enumeration via malformed packets in authentication requests For more details abo ... oval:org.secpod.oval:def:113759 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:113776 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:502274 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Improper write operations in readonly mode allow for zero-length file creation For mor ... oval:org.secpod.oval:def:1502169 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700056 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:113619 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1800559 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:1600390 An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory of a successfully authenticated OpenSSH client.A buffer overflow flaw was found in the way the OpenSSH client roaming featu ... oval:org.secpod.oval:def:1800137 OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including under some circumstances, user"s private keys. This may be mitigated by adding the undocumented config option UseRoaming no to ssh_config. This bu ... oval:org.secpod.oval:def:400633 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client"s private key through the roaming feature - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflo ... |