Samhain Labs: Security Vulnerabilities
The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input.
CVSS Score
7.5
EPSS Score
0.005
Published
2010-04-23
Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.
CVSS Score
7.2
EPSS Score
0.001
Published
2004-12-31
Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).
CVSS Score
2.1
EPSS Score
0.001
Published
2004-12-31
Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.
CVSS Score
7.5
EPSS Score
0.103
Published
2004-03-15