VYPR

rpm package

suse/openssh-openssl1&distro=SUSE Linux Enterprise Server 11-SECURITY

pkg:rpm/suse/openssh-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY

Vulnerabilities (16)

  • CVE-2021-41617 | High | Sep 26, 2021
    affected < 6.6p1-19.12.1 | fixed 6.6p1-19.12.1

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges

  • CVE-2018-15473 | Aug 17, 2018
    affected < 6.6p1-19.6.1 | fixed 6.6p1-19.6.1

    OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

  • CVE-2016-10708 | High | Jan 21, 2018
    affected < 6.6p1-19.3.1 | fixed 6.6p1-19.3.1

    sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

  • CVE-2017-15906 | Medium | Oct 26, 2017
    affected < 6.6p1-19.3.1 | fixed 6.6p1-19.3.1

    The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

  • CVE-2016-1908 | Critical | Apr 11, 2017
    affected < 6.6p1-15.1 | fixed 6.6p1-15.1

    The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging conf

  • CVE-2016-6210 | Medium | Feb 13, 2017
    affected < 6.6p1-15.1 | fixed 6.6p1-15.1

    sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large p

  • CVE-2016-10012 | High | Jan 5, 2017
    affected < 6.6p1-19.3.1 | fixed 6.6p1-19.3.1

    The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation pr

  • CVE-2016-10011 | Medium | Jan 5, 2017
    affected < 6.6p1-18.1 | fixed 6.6p1-18.1

    authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

  • CVE-2016-10009 | High | Jan 5, 2017
    affected < 6.6p1-18.1 | fixed 6.6p1-18.1

    Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

  • CVE-2016-8858 | High | Dec 9, 2016
    affected < 6.6p1-18.1 | fixed 6.6p1-18.1

    The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a securit

  • CVE-2016-6515 | High | Aug 7, 2016
    affected < 6.6p1-15.1 | fixed 6.6p1-15.1

    The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

  • CVE-2015-8325 | High | May 1, 2016
    affected < 6.6p1-15.1 | fixed 6.6p1-15.1

    The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/logi

  • CVE-2016-3115 | Medium | Mar 22, 2016
    affected < 6.6p1-15.1 | fixed 6.6p1-15.1

    Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

  • CVE-2016-0778 | High | Jan 14, 2016
    affected < 6.6p1-10.1 | fixed 6.6p1-10.1

    The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denia

  • CVE-2016-0777 | Medium | Jan 14, 2016
    affected < 6.6p1-10.1 | fixed 6.6p1-10.1

    The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

  • CVE-2008-1483 | Mar 24, 2008
    affected < 6.6p1-19.3.1 | fixed 6.6p1-19.3.1

    OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emac