rpm package
opensuse/openssh&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/openssh&distro=openSUSE%20Tumbleweed
Vulnerabilities (32)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-10012 | High | 7.8 | | < 8.4p1-7.4 | 8.4p1-7.4 | Jan 5, 2017 | The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation pr |
| CVE-2016-10011 | Medium | 6.2 | | < 8.4p1-7.4 | 8.4p1-7.4 | Jan 5, 2017 | authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. |
| CVE-2016-10010 | High | 7.0 | | < 8.4p1-7.4 | 8.4p1-7.4 | Jan 5, 2017 | sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. |
| CVE-2016-10009 | High | 7.3 | | < 8.4p1-7.4 | 8.4p1-7.4 | Jan 5, 2017 | Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. |
| CVE-2016-8858 | High | 7.5 | | < 8.4p1-7.4 | 8.4p1-7.4 | Dec 9, 2016 | The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a securit |
| CVE-2016-6515 | High | 7.5 | | < 7.2p2-3.1 | 7.2p2-3.1 | Aug 7, 2016 | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. |
| CVE-2015-8325 | High | 7.8 | | < 7.2p2-3.1 | 7.2p2-3.1 | May 1, 2016 | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/logi |
| CVE-2016-0778 | High | 8.1 | | < 7.2p2-3.1 | 7.2p2-3.1 | Jan 14, 2016 | The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denia |
| CVE-2016-0777 | Medium | 6.5 | | < 7.2p2-3.1 | 7.2p2-3.1 | Jan 14, 2016 | The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
| CVE-2008-1483 | — | | | < 8.4p1-7.4 | 8.4p1-7.4 | Mar 24, 2008 | OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emac |
| CVE-2007-4752 | — | | | < 8.4p1-7.4 | 8.4p1-7.4 | Sep 12, 2007 | ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. |
| CVE-2006-0225 | — | | | < 8.4p1-7.4 | 8.4p1-7.4 | Jan 25, 2006 | scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. |