Openbsd: >> Openssh >> 3.7.1p1 Security Vulnerabilities
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
CVSS Score
8.1
EPSS Score
0.016
Published
2006-09-27
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
CVSS Score
5.0
EPSS Score
0.16
Published
2006-09-27
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
CVSS Score
7.8
EPSS Score
0.464
Published
2006-09-27
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
CVSS Score
6.4
EPSS Score
0.005
Published
2004-08-31
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
CVSS Score
10.0
EPSS Score
0.023
Published
2003-11-17
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
CVSS Score
7.5
EPSS Score
0.005
Published
2003-11-17
Page 5