rpm package

suse/openssh&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4

pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Vulnerabilities (24)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-6109	Med	6.8	< 6.6p1-36.12.1	6.6p1-36.12.1	Jan 31, 2019	An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being
CVE-2019-6111		—	< 6.6p1-36.12.1	6.6p1-36.12.1	Jan 31, 2019	An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal att
CVE-2019-6110		—	< 6.6p1-36.12.1	6.6p1-36.12.1	Jan 31, 2019	In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
CVE-2018-20685		—	< 6.6p1-36.12.1	6.6p1-36.12.1	Jan 10, 2019	In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-15473		—	< 6.6p1-36.6.1	6.6p1-36.6.1	Aug 17, 2018	OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVE-2016-10708	Hig	7.5	< 6.6p1-36.3.1	6.6p1-36.3.1	Jan 21, 2018	sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
CVE-2017-15906	Med	5.3	< 6.6p1-36.3.1	6.6p1-36.3.1	Oct 26, 2017	The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2016-1908	Cri	9.8	< 6.6p1-21.1	6.6p1-21.1	Apr 11, 2017	The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging conf
CVE-2016-6210	Med	5.9	< 6.6p1-28.1	6.6p1-28.1	Feb 13, 2017	sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large p
CVE-2016-10012	Hig	7.8	< 6.6p1-36.3.1	6.6p1-36.3.1	Jan 5, 2017	The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation pr
CVE-2016-10011	Med	6.2	< 6.6p1-35.1	6.6p1-35.1	Jan 5, 2017	authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
CVE-2016-10009	Hig	7.3	< 6.6p1-35.1	6.6p1-35.1	Jan 5, 2017	Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CVE-2016-8858	Hig	7.5	< 6.6p1-35.1	6.6p1-35.1	Dec 9, 2016	The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a securit
CVE-2016-6515	Hig	7.5	< 6.6p1-28.1	6.6p1-28.1	Aug 7, 2016	The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
CVE-2015-8325	Hig	7.8	< 6.6p1-21.1	6.6p1-21.1	May 1, 2016	The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/logi
CVE-2016-3115	Med	6.4	< 6.6p1-21.1	6.6p1-21.1	Mar 22, 2016	Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
CVE-2016-0778	Hig	8.1	< 6.6p1-16.1	6.6p1-16.1	Jan 14, 2016	The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denia
CVE-2016-0777	Med	6.5	< 6.6p1-16.1	6.6p1-16.1	Jan 14, 2016	The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
CVE-2015-6564	Hig	7.0	< 6.6p1-13.1	6.6p1-13.1	Aug 24, 2015	Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
CVE-2015-6563	Med	6.4	< 6.6p1-13.1	6.6p1-13.1	Aug 24, 2015	The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd

CVE-2019-6109MedJan 31, 2019
affected < 6.6p1-36.12.1fixed 6.6p1-36.12.1
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being
CVE-2019-6111Jan 31, 2019
affected < 6.6p1-36.12.1fixed 6.6p1-36.12.1
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal att
CVE-2019-6110Jan 31, 2019
affected < 6.6p1-36.12.1fixed 6.6p1-36.12.1
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
CVE-2018-20685Jan 10, 2019
affected < 6.6p1-36.12.1fixed 6.6p1-36.12.1
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-15473Aug 17, 2018
affected < 6.6p1-36.6.1fixed 6.6p1-36.6.1
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVE-2016-10708HigJan 21, 2018
affected < 6.6p1-36.3.1fixed 6.6p1-36.3.1
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
CVE-2017-15906MedOct 26, 2017
affected < 6.6p1-36.3.1fixed 6.6p1-36.3.1
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2016-1908CriApr 11, 2017
affected < 6.6p1-21.1fixed 6.6p1-21.1
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging conf
CVE-2016-6210MedFeb 13, 2017
affected < 6.6p1-28.1fixed 6.6p1-28.1
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large p
CVE-2016-10012HigJan 5, 2017
affected < 6.6p1-36.3.1fixed 6.6p1-36.3.1
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation pr
CVE-2016-10011MedJan 5, 2017
affected < 6.6p1-35.1fixed 6.6p1-35.1
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
CVE-2016-10009HigJan 5, 2017
affected < 6.6p1-35.1fixed 6.6p1-35.1
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CVE-2016-8858HigDec 9, 2016
affected < 6.6p1-35.1fixed 6.6p1-35.1
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a securit
CVE-2016-6515HigAug 7, 2016
affected < 6.6p1-28.1fixed 6.6p1-28.1
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
CVE-2015-8325HigMay 1, 2016
affected < 6.6p1-21.1fixed 6.6p1-21.1
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/logi
CVE-2016-3115MedMar 22, 2016
affected < 6.6p1-21.1fixed 6.6p1-21.1
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
CVE-2016-0778HigJan 14, 2016
affected < 6.6p1-16.1fixed 6.6p1-16.1
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denia
CVE-2016-0777MedJan 14, 2016
affected < 6.6p1-16.1fixed 6.6p1-16.1
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
CVE-2015-6564HigAug 24, 2015
affected < 6.6p1-13.1fixed 6.6p1-13.1
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
CVE-2015-6563MedAug 24, 2015
affected < 6.6p1-13.1fixed 6.6p1-13.1
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd

Page 1 of 2