CVE-2003-0386 — Openssh vulnerability

10 documents7 sources

Severity

7.5HIGHNVD

EPSS

9.6%

top 7.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedJul 2

Latest updateMay 3

Description

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:3.8p1-1+3

▶NVDopenbsd/openssh3.6.1

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-ph8j-5f3x-v435: OpenSSH 3↗2022-05-03

▶

OSV

CVE-2003-0386: OpenSSH 3↗2003-07-02

▶

CVEList

CVE-2003-0386: OpenSSH 3↗2003-06-10

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-06-05

▶

Debian

CVE-2003-0386: openssh - OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses ...↗2003

▶

💬Community

Bugzilla

CVE-2003-0386 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-4924 openssh DoS (also CVE-2006-5051) (also for RHL7.3: CVE-2006-0225, CVE-2003-0386)↗2006-09-30

▶

Bugzilla

CVE-2003-0386 host based access bypass↗2006-09-27

▶

Bugzilla

CVE-2003-0386 host based access bypass↗2005-07-29

▶