CVE-2003-0386
published 2003-07-02
CVE-2003-0386: OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass…
Priority P431 · high · 7.5 (CVSS 2.0)
AV:N / AC:L / Au:N / C:P / I:P / A:P
EPSS
5.77%
92.1th percentile
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:3.8p1-1 (bookworm) | openssh 1:3.8p1-1 (bookworm) |
| openbsd | openssh | — | — |
| openbsd | openssh | >= 0 < 1:3.8p1-1 | 1:3.8p1-1 |
| openbsd | openssh | >= 0 < 1:3.8p1-1 | 1:3.8p1-1 |
| openbsd | openssh | >= 0 < 1:3.8p1-1 | 1:3.8p1-1 |
| openbsd | openssh | >= 0 < 1:3.8p1-1 | 1:3.8p1-1 |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
vendor_redhat · 7.5 HIGH
Red Hat
security flaw
vendor_redhat·2003-06-05·CVSS 7.5
Debian
CVE-2003-0386: openssh - OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses ...
vendor_debian·2003·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 1:3.8p1-1)
bullseye: resolved (fixed in 1:3.8p1-1)
forky: resolved (fixed in 1:3.8p1-1)
sid: resolved (fixed in 1:3.8p1-1)
trixie: resolved (fixed in 1:3.8p1-1)
GHSA
GHSA-ph8j-5f3x-v435: OpenSSH 3
ghsa_unreviewed·2022-05-03
OSV
CVE-2003-0386: OpenSSH 3
osv·2003-07-02·CVSS 7.5
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2003-0386 security flaw
bugzilla·2018-08-16·CVSS 7.5
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
Bugzilla
CVE-2006-4924 openssh DoS (also CVE-2006-5051) (also for RHL7.3: CVE-2006-0225, CVE-2003-0386)
bugzilla·2006-09-30·CVSS 7.5
creating as a clone of bug 207955 (and also bug 207957 which is for fc5) --
create clone doesn't seem to be working for me for some reason, so copy/pasted
in the description from those bugs.
Tavis Ormandy of the Google Security Team discovered a denial of service attack
on the openssh sshd daemon when ssh protocol version 1 is enabled. This flaw
will cause the openssh server to consume a large quantity of the CPU until the
specified timeout is reached.
The upstream patches can be found here:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
h
Bugzilla
CVE-2003-0386 host based access bypass
bugzilla·2006-09-27·CVSS 7.5
+++ This bug was initially created as a clone of Bug #164661 +++
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.7) Gecko/20050414
Description of problem:
The OpenSSH server included with RHEL 3.0 (apparently all updates) is vulnerable
to CAN-2003-0386. Apparently the fix for this vulnerability has never been
backported into Red Hat's openssh-server-3.6.1p2 RPMs.
An attacker can bypass IP-based AllowUser restrictions in the
/etc/ssh/sshd_config file if the attacker controls reverse DNS for his system by
providing a reverse DNS hostname for his machine which is the IP address allowed
by the AllowUser restriction.
This vulnerability can be mitigated by turning on VerifyReverseMapping, but this
is turned off
Bugzilla
CVE-2003-0386 host based access bypass
bugzilla·2005-07-29·CVSS 7.5
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.7) Gecko/20050414
Description of problem:
The OpenSSH server included with RHEL 3.0 (apparently all updates) is vulnerable to CAN-2003-0386. Apparently the fix for this vulnerability has never been backported into Red Hat's openssh-server-3.6.1p2 RPMs.
An attacker can bypass IP-based AllowUser restrictions in the /etc/ssh/sshd_config file if the attacker controls reverse DNS for his system by providing a reverse DNS hostname for his machine which is the IP address allowed by the AllowUser restriction.
This vulnerability can be mitigated by turning on VerifyReverseMapping, but this is turned off by default.
Version-Release number of selected component (if appl
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
http://lists.apple.com/mhonarc/security-announce/msg00038.html
http://secunia.com/advisories/21129
http://secunia.com/advisories/21262
http://secunia.com/advisories/21724
http://secunia.com/advisories/22196
http://secunia.com/advisories/23680
http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
http://www.kb.cert.org/vuls/id/978316
http://www.redhat.com/support/errata/RHSA-2006-0298.html
http://www.redhat.com/support/errata/RHSA-2006-0698.html
http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0
http://www.securityfocus.com/bid/7831
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9894
2003-07-02
Published