rpm package
suse/openssh&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Vulnerabilities (19)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-6109 | Med | 6.8 | < 6.6p1-54.26.1 | 6.6p1-54.26.1 | Jan 31, 2019 | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being | |
| CVE-2019-6111 | — | < 6.6p1-54.26.1 | 6.6p1-54.26.1 | Jan 31, 2019 | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal att | ||
| CVE-2019-6110 | — | < 6.6p1-54.26.1 | 6.6p1-54.26.1 | Jan 31, 2019 | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | ||
| CVE-2018-20685 | — | < 6.6p1-54.26.1 | 6.6p1-54.26.1 | Jan 10, 2019 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | ||
| CVE-2018-15473 | — | < 6.6p1-54.18.1 | 6.6p1-54.18.1 | Aug 17, 2018 | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | ||
| CVE-2016-10708 | Hig | 7.5 | < 6.6p1-54.15.2 | 6.6p1-54.15.2 | Jan 21, 2018 | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | |
| CVE-2017-15906 | Med | 5.3 | < 6.6p1-54.15.2 | 6.6p1-54.15.2 | Oct 26, 2017 | The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | |
| CVE-2016-1908 | Cri | 9.8 | < 6.6p1-42.1 | 6.6p1-42.1 | Apr 11, 2017 | The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging conf | |
| CVE-2016-6210 | Med | 5.9 | < 6.6p1-52.1 | 6.6p1-52.1 | Feb 13, 2017 | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large p | |
| CVE-2016-10012 | Hig | 7.8 | < 6.6p1-54.15.2 | 6.6p1-54.15.2 | Jan 5, 2017 | The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation pr | |
| CVE-2016-10011 | Med | 6.2 | < 6.6p1-54.7.1 | 6.6p1-54.7.1 | Jan 5, 2017 | authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. | |
| CVE-2016-10009 | Hig | 7.3 | < 6.6p1-54.7.1 | 6.6p1-54.7.1 | Jan 5, 2017 | Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. | |
| CVE-2016-8858 | Hig | 7.5 | < 6.6p1-54.7.1 | 6.6p1-54.7.1 | Dec 9, 2016 | The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a securit | |
| CVE-2016-6515 | Hig | 7.5 | < 6.6p1-52.1 | 6.6p1-52.1 | Aug 7, 2016 | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. | |
| CVE-2015-8325 | Hig | 7.8 | < 6.6p1-42.1 | 6.6p1-42.1 | May 1, 2016 | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/logi | |
| CVE-2016-3115 | Med | 6.4 | < 6.6p1-42.1 | 6.6p1-42.1 | Mar 22, 2016 | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. | |
| CVE-2016-0778 | Hig | 8.1 | < 6.6p1-33.1 | 6.6p1-33.1 | Jan 14, 2016 | The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denia | |
| CVE-2016-0777 | Med | 6.5 | < 6.6p1-33.1 | 6.6p1-33.1 | Jan 14, 2016 | The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. | |
| CVE-2008-1483 | — | < 6.6p1-54.15.2 | 6.6p1-54.15.2 | Mar 24, 2008 | OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emac |
- affected < 6.6p1-54.26.1fixed 6.6p1-54.26.1
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being
- CVE-2019-6111Jan 31, 2019affected < 6.6p1-54.26.1fixed 6.6p1-54.26.1
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal att
- CVE-2019-6110Jan 31, 2019affected < 6.6p1-54.26.1fixed 6.6p1-54.26.1
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
- CVE-2018-20685Jan 10, 2019affected < 6.6p1-54.26.1fixed 6.6p1-54.26.1
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
- CVE-2018-15473Aug 17, 2018affected < 6.6p1-54.18.1fixed 6.6p1-54.18.1
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
- affected < 6.6p1-54.15.2fixed 6.6p1-54.15.2
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
- affected < 6.6p1-54.15.2fixed 6.6p1-54.15.2
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
- affected < 6.6p1-42.1fixed 6.6p1-42.1
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging conf
- affected < 6.6p1-52.1fixed 6.6p1-52.1
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large p
- affected < 6.6p1-54.15.2fixed 6.6p1-54.15.2
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation pr
- affected < 6.6p1-54.7.1fixed 6.6p1-54.7.1
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
- affected < 6.6p1-54.7.1fixed 6.6p1-54.7.1
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
- affected < 6.6p1-54.7.1fixed 6.6p1-54.7.1
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a securit
- affected < 6.6p1-52.1fixed 6.6p1-52.1
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
- affected < 6.6p1-42.1fixed 6.6p1-42.1
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/logi
- affected < 6.6p1-42.1fixed 6.6p1-42.1
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
- affected < 6.6p1-33.1fixed 6.6p1-33.1
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denia
- affected < 6.6p1-33.1fixed 6.6p1-33.1
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
- CVE-2008-1483Mar 24, 2008affected < 6.6p1-54.15.2fixed 6.6p1-54.15.2
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emac