Shodan
Vulnerabilities
Vulnerable Software
Openbsd:  >> Openssh  >> 3.6.1p2  Security Vulnerabilities
CVE-2005-2666
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
CVSS Score
1.2
EPSS Score
0.012
Published
2005-08-23
CVE-2004-2069
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).
CVSS Score
5.0
EPSS Score
0.034
Published
2004-12-31
CVE-2004-1653
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
CVSS Score
6.4
EPSS Score
0.116
Published
2004-08-31
CVE-2003-1562
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
CVSS Score
7.6
EPSS Score
0.056
Published
2003-12-31
CVE-2003-0682
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
CVSS Score
7.5
EPSS Score
0.086
Published
2003-10-06
CVE-2003-0695
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
CVSS Score
7.5
EPSS Score
0.036
Published
2003-10-06
CVE-2003-0693
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
CVSS Score
10.0
EPSS Score
0.099
Published
2003-09-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved