Download
| Alert*
oval:org.secpod.oval:def:500588
OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciph ... oval:org.secpod.oval:def:1601345 A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default oval:org.secpod.oval:def:1601010 Due to a problem with the configuration of kernels 3.10.34-37 and 3.10.34-38 and their interaction with the authentication modules stack, the sshd daemon which is part of the openssh package will no longer allow remote logins following a restart of the sshd service.There are two permanant fixes for ... oval:org.secpod.oval:def:500680 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 loosened certain ownership requirements for directories used as ... oval:org.secpod.oval:def:201968 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 loosened certain ownership requirements for directories used as ... oval:org.secpod.oval:def:1800035 openssh is installed oval:org.secpod.oval:def:89002277 This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message . oval:org.secpod.oval:def:202081 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciph ... oval:org.secpod.oval:def:204194 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip th ... oval:org.secpod.oval:def:1600205 Due to the way the pam_ssh_agent_auth PAM module was built, the glibc"s error function was called rather than the intended error function in pam_ssh_agent_auth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using pam_ssh_a ... oval:org.secpod.oval:def:111390 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:202006 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciph ... oval:org.secpod.oval:def:1500925 The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would forc ... oval:org.secpod.oval:def:203154 openssh is installed oval:org.secpod.oval:def:1500018 Updated openssh packages that fix one security issue, multiple bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives ... oval:org.secpod.oval:def:202054 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 loosened certain ownership requirements for directories used as ... oval:org.secpod.oval:def:89044926 This update for openssh fixes the following issues: Security issue fixed: - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server . Bug fixes: - FIPS: Startup selfchecks . - FIPS: Silent complaints about unsupported key exchange methods . - Refine handling of sockets for X ... oval:org.secpod.oval:def:1800850 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:1600882 Improper write operations in readonly mode allow for zero-length file creationThe process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:1800844 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:1800034 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:204785 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Improper write operations in readonly mode allow for zero-length file creation For mor ... oval:org.secpod.oval:def:110896 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1800790 When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hardcoded in the SSHD source code. On this hard coded password structure the password hash is based on BLOWFISH algorithm.If real users passwords are hashed using SHA256/SHA512, then sending large passwor ... oval:org.secpod.oval:def:89045311 This update for openssh fixes the following issues: - CVE-2016-6210: Prevent user enumeration through the timing of password processing [-prevent_timing_user_enumeration] - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used - CVE-2016-6515: Limiting ... oval:org.secpod.oval:def:110422 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:204126 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ... oval:org.secpod.oval:def:1801176 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. oval:org.secpod.oval:def:1801160 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. oval:org.secpod.oval:def:1801165 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. oval:org.secpod.oval:def:1801169 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. oval:org.secpod.oval:def:89002421 This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not wa ... oval:org.secpod.oval:def:1600925 OpenSSH is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. oval:org.secpod.oval:def:503380 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * openssh: scp c ... oval:org.secpod.oval:def:89003174 This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers . - CVE-2019-6111: Properly ... oval:org.secpod.oval:def:66496 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * openssh: scp c ... oval:org.secpod.oval:def:89003343 This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers . - CVE-2019-6111: Properly ... oval:org.secpod.oval:def:89003346 This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate te ... oval:org.secpod.oval:def:89003332 This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate te ... oval:org.secpod.oval:def:111475 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1503868 Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a ... oval:org.secpod.oval:def:202586 OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc"s error function was called rather than the intended erro ... oval:org.secpod.oval:def:202374 OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH ... oval:org.secpod.oval:def:500817 OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH ... oval:org.secpod.oval:def:501529 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip th ... oval:org.secpod.oval:def:204626 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ... oval:org.secpod.oval:def:204550 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent ... oval:org.secpod.oval:def:500986 OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc"s error function was called rather than the intended erro ... oval:org.secpod.oval:def:89049733 This update for openssh fixes the following issues: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration as ... oval:org.secpod.oval:def:89050351 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange . oval:org.secpod.oval:def:89050306 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange . - Supplement libgtk-3-0 instead of libX11-6 to avoid installation on a textmode install - Fixed an issue where oracle cluster with cluvfy using "scp" failing/missinter ... oval:org.secpod.oval:def:1801875 A double-free memory corruption, introduced in OpenSSH 8.2, that could be reached by an attacker with access to the agent socket. Exploitable by a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access. oval:org.secpod.oval:def:116443 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1801356 CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. oval:org.secpod.oval:def:1801334 CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. oval:org.secpod.oval:def:1801326 CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. oval:org.secpod.oval:def:1801328 CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. oval:org.secpod.oval:def:111175 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:89047228 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent . oval:org.secpod.oval:def:1501408 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ... oval:org.secpod.oval:def:1501406 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ... oval:org.secpod.oval:def:1501654 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ... oval:org.secpod.oval:def:203875 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ... oval:org.secpod.oval:def:203874 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ... oval:org.secpod.oval:def:1501425 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ... oval:org.secpod.oval:def:501787 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ... oval:org.secpod.oval:def:501789 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ... oval:org.secpod.oval:def:26769 The host is installed with openssh on RHEL 6 or 7 and is prone to a brute-force vulnerability. A flaw is present in the application, which fails to check the list of keyboard-interactive authentication methods for duplicates. Successful exploitation could allow attackers to bypass the MaxAuthTries l ... oval:org.secpod.oval:def:110300 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1800280 When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hardcoded in the SSHD source code. On this hard coded password structure the password hash is based on BLOWFISH algorithm.If real users passwords are hashed using SHA256/SHA512, then sending large passwor ... oval:org.secpod.oval:def:1500300 Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a ... oval:org.secpod.oval:def:1200149 It was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh coupled with "fail open" behavior in the X11 server when ... oval:org.secpod.oval:def:501995 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ... oval:org.secpod.oval:def:1501378 The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. oval:org.secpod.oval:def:1501810 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ... oval:org.secpod.oval:def:501928 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ... oval:org.secpod.oval:def:501131 OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log i ... oval:org.secpod.oval:def:1600344 It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. oval:org.secpod.oval:def:110358 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1600474 It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. oval:org.secpod.oval:def:109277 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:109269 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1600376 An access flaw was discovered in the OpenSSH client where it did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even i ... oval:org.secpod.oval:def:89045158 openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to th ... oval:org.secpod.oval:def:109384 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:109465 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:109381 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:109382 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:503263 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: User enumeration via malformed packets in authentication requests For more details abo ... oval:org.secpod.oval:def:50198 CVE-2019-6110 openssh: Acceptance and display of arbitrary stderr allows for spoofing of scp client output oval:org.secpod.oval:def:502640 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: User enumeration via malformed packets in authentication requests For more details abo ... oval:org.secpod.oval:def:1505249 [8.0p1-10] - sshd -T requires -C when "Match" is used in sshd_config [8.0p1-9] - CVE-2020-14145 openssh: Observable Discrepancy leading to an information leak in the algorithm negotiation - Hostbased ssh authentication fails if session ID contains a "/" [8.0p1-8] - ssh doesnt restore the blocking ... oval:org.secpod.oval:def:205183 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: User enumeration via malformed packets in authentication requests For more details abo ... oval:org.secpod.oval:def:2500336 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. oval:org.secpod.oval:def:1700080 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. oval:org.secpod.oval:def:115087 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1502485 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:205341 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: User enumeration via malformed packets in authentication requests For more details abo ... oval:org.secpod.oval:def:4501341 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Observable discrepancy leading to an information leak in the algorithm negotiation For ... oval:org.secpod.oval:def:115026 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:502132 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent ... oval:org.secpod.oval:def:1501977 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1800351 A denial of service vulnerability was found in openssh. The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackersto cause a denial of service via a long string.. oval:org.secpod.oval:def:502274 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Improper write operations in readonly mode allow for zero-length file creation For mor ... oval:org.secpod.oval:def:1502169 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700056 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:113759 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:113619 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:113776 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1800559 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:50197 CVE-2019-6109 openssh: Missing character encoding in progress display allows for spoofing of scp client output. oval:org.secpod.oval:def:50199 CVE-2019-6111 openssh: Improper validation of object names allows malicious server to overwrite files via scp client oval:org.secpod.oval:def:50200 openssh: scp client improper directory name validation oval:org.secpod.oval:def:1700178 An issue was discovered in OpenSSH. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned . A malicious scp server can overwrite arbitrary fil ... oval:org.secpod.oval:def:1600390 An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory of a successfully authenticated OpenSSH client.A buffer overflow flaw was found in the way the OpenSSH client roaming featu ... oval:org.secpod.oval:def:1501299 An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client. oval:org.secpod.oval:def:1800137 OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including under some circumstances, user"s private keys. This may be mitigated by adding the undocumented config option UseRoaming no to ssh_config. This bu ... oval:org.secpod.oval:def:501741 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak port ... oval:org.secpod.oval:def:89045316 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client"s private key through the roaming feature - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflo ... oval:org.secpod.oval:def:110050 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:400633 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client"s private key through the roaming feature - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflo ... oval:org.secpod.oval:def:110019 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:203811 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak port ... oval:org.secpod.oval:def:205920 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are conf ... oval:org.secpod.oval:def:89046093 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings . oval:org.secpod.oval:def:1601514 A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherited g ... oval:org.secpod.oval:def:1505444 [7.4p1-22.0.1_fips] - Change Epoch from 1 to 10 - Enable fips KDF POST [Orabug: 32461750] - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method [Orabug: 32461739] [7.4p1-22.0.1] - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer witho ... oval:org.secpod.oval:def:1505329 [7.4p1-22.0.1] - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation [Orabug: 30448895] [7.4p1-22 + 0.10.3-2] - avoid segfault in Kerberos cache cleanup - fix CVE-2021-41617 oval:org.secpod.oval:def:120875 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1505649 [8.0p1-13] - Upstream: ClientAliveCountMax=0 disable the connection killing behaviour [8.0p1-12] - Add support for "Include" directive in sshd_config file [8.0p1-11] - CVE-2021-41617 upstream fix oval:org.secpod.oval:def:89047338 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured . oval:org.secpod.oval:def:204298 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip th ... oval:org.secpod.oval:def:1200025 A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.It was d ... oval:org.secpod.oval:def:204168 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A m ... oval:org.secpod.oval:def:501419 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip th ... oval:org.secpod.oval:def:109478 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:1600060 sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.The verify_host_key function in sshconnect.c in the client in OpenSSH 6 ... oval:org.secpod.oval:def:204183 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to full ... oval:org.secpod.oval:def:107001 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:501816 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A m ... oval:org.secpod.oval:def:1500748 Updated openssh packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed ... oval:org.secpod.oval:def:1200191 The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a craft ... oval:org.secpod.oval:def:501690 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to full ... oval:org.secpod.oval:def:1501461 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A m ... oval:org.secpod.oval:def:1501232 The remote host is missing a patch containing a security fix, which affects the following package(s): openssh oval:org.secpod.oval:def:107086 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:127148 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:507643 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: the functions order_hostkeyalgs and list_hostkey_types leads to double-free vulnerabili ... oval:org.secpod.oval:def:125521 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:97781 [CLSA-2023:1703785140] openssh: Fix of CVE-2023-51385 oval:org.secpod.oval:def:19500652 In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host ... oval:org.secpod.oval:def:125941 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:507875 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Remote code execution in ssh-agent PKCS#11 support For more details about the security ... oval:org.secpod.oval:def:507876 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Remote code execution in ssh-agent PKCS#11 support For more details about the security ... oval:org.secpod.oval:def:89049138 This update for openssh fixes the following issue: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent"s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim"s system and if the agent ... oval:org.secpod.oval:def:89049137 This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent"s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim"s system and if the agen ... oval:org.secpod.oval:def:89049136 This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent"s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim"s system and if the agen ... oval:org.secpod.oval:def:89049135 This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent"s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim"s system and if the agen ... oval:org.secpod.oval:def:89049134 This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent"s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim"s system and if the agen ... oval:org.secpod.oval:def:507882 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Remote code execution in ssh-agent PKCS#11 support For more details about the security ... oval:org.secpod.oval:def:97741 [CLSA-2023:1691576939] openssh: Fix of CVE-2023-38408 oval:org.secpod.oval:def:97702 [CLSA-2022:1671481339] openssh: Fix of 2 CVEs oval:org.secpod.oval:def:1800880 CVE-2016-10009: loading of untrusted PKCS#11 modules in ssh-agent. Ssh-agent could load PKCS#11 modules from paths outside of a trusted whitelist. An attacker able to load a crafted PKCS#11 module across a forwarded agent channel could potentially use this flaw to execute arbitrary code on the syste ... oval:org.secpod.oval:def:502089 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * A covert timin ... oval:org.secpod.oval:def:111858 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:204642 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * A covert timin ... oval:org.secpod.oval:def:1501987 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600784 A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. It was found that OpenSSH did not limit password lengths f ... oval:org.secpod.oval:def:89002187 This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-10012: Fix pre-auth compression checks that could be optimized away . - CVE-2016-10708: Fix remote denial of service via an out-of-sequence NEWKEYSmessage . - CVE-2017-15906: Fix r/o sftp-server zero byte file cre ... oval:org.secpod.oval:def:97658 [CLSA-2022:1658171011] Fixed CVE-2016-10012 in openssh oval:org.secpod.oval:def:97655 [CLSA-2022:1657561632] Fixed CVEs in openssh-5.3p1: CVE-2016-10708, CVE-2016-10012 oval:org.secpod.oval:def:97651 [CLSA-2022:1656962023] Fixed CVE-2016-10009 in openssh-5.3p1 oval:org.secpod.oval:def:89044728 This update for openssh fixes several issues. These security issues were fixed: - CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote attackers to cause a denial of service by sending many duplicate KEXINIT requests . - CVE-2016-10012: The shared memory manager did not ensure tha ... oval:org.secpod.oval:def:89051532 This update for openssh fixes the following issues: * CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection oval:org.secpod.oval:def:89051534 This update for openssh fixes the following issues: * CVE-2023-51385: Fixed command injection via user name or host name metacharacters . oval:org.secpod.oval:def:89051542 This update for openssh fixes the following issues: * CVE-2023-51385: Fixed a command injection via user name or host name metacharacters . * Remember the state of sshd service during update / removal, to allow cut- over to a different openssh package. bsc#1220110 oval:org.secpod.oval:def:509034 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: ssh: Prefix truncation attack on Binary Packet Protocol openssh: potential command injection via ... oval:org.secpod.oval:def:1701991 AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest ... oval:org.secpod.oval:def:19500545 AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest ... oval:org.secpod.oval:def:2600519 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. oval:org.secpod.oval:def:1507374 [8.7p1-34.3] - Fix Terrapin attack Resolves: RHEL-19764 - Forbid shell metasymbols in username/hostname Resolves: RHEL-19822 oval:org.secpod.oval:def:89051287 This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity . oval:org.secpod.oval:def:89051284 This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity . oval:org.secpod.oval:def:89051280 This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity . the following non-security bug was fixed: * Fix the "no route to host" error when connecting via ProxyJump oval:org.secpod.oval:def:89051278 This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity . |