Samhain Labs: >> Samhain >> 2.0.1 Security Vulnerabilities
The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input.
CVSS Score
7.5
EPSS Score
0.005
Published
2010-04-23
Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.
CVSS Score
7.2
EPSS Score
0.001
Published
2004-12-31
Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).
CVSS Score
2.1
EPSS Score
0.001
Published
2004-12-31