Openbsd: >> Openssh >> 1.2 Security Vulnerabilities
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
CVSS Score
7.5
EPSS Score
0.002
Published
2001-12-06
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
CVSS Score
7.5
EPSS Score
0.046
Published
2001-10-18
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
CVSS Score
5.0
EPSS Score
0.007
Published
2001-09-27
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
CVSS Score
7.2
EPSS Score
0.001
Published
2001-08-14
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
CVSS Score
5.0
EPSS Score
0.028
Published
2000-12-19
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
CVSS Score
10.0
EPSS Score
0.009
Published
2000-06-08
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
CVSS Score
5.1
EPSS Score
0.006
Published
2000-02-24
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
CVSS Score
4.6
EPSS Score
0.001
Published
2000-02-11
Page 6