CVE-2004-1653
Published 2004-08-31
Priority: P271 · medium · CVSS 2.0: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 11.57% (95.5th percentile)
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | — | — |
| openbsd | openssh | <= 3.9 | — |
Detection & IOCs
- Look for OpenSSH configurations where AllowTcpForwarding is enabled (default) combined with anonymous access programs such as AnonCVS, which enables port bounce attacks by remote authenticated users.
- AllowTcpForwarding is enabled by default in OpenSSH. It can be disabled via the /etc/ssh/sshd_config configuration file, but disabling TCP forwarding alone does not improve security unless users are also denied shell access.
- The relevant configuration file to audit and harden is /etc/ssh/sshd_config for the AllowTcpForwarding directive.
CVSS provenance
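| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| vulncheck | | 6.4 | MEDIUM | |
| vendor_debian | | 6.4 | LOW | |
| vendor_redhat | | 6.4 | MEDIUM | |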
Debian
CVE-2004-1653: openssh - The default configuration for OpenSSH enables AllowTcpForwarding, which could al...
vendor_debian · 2004 · CVSS 6.4 · MEDIUM
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
CVE-2004-1653: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configur
vendor_redhat · CVSS 6.4 · MEDIUM
Statement: Permitting TCP forwarding is the expected and known default configuration. If it is not desired, it can be disabled using the AllowTcpForwarding option in the /etc/ssh/sshd_config configuration file. However, only disabling TCP forwarding does not improve security unless users are also denied shell access. For more information, see man sshd_config.
GHSA
GHSA-r52p-h476-w962: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configur
ghsa_unreviewed · 2022-04-29 · MEDIUM
VulnCheck
OpenSSH 'AllowTcpForwarding' Port Bounce Vulnerability
vulncheck · 2004 · CVSS 6.4 · MEDIUM
Affected: OpenBSD openssh
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://news.softpedia.com/news/12-year-old-ssh-bug-used-to-relay-malicious-traffic-via-iot-devices-509225.shtml
- http://marc.info/?l=bugtraq&m=109413637313484&w=2
- http://securitytracker.com/id?1011143
- http://www.osvdb.org/9562
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17213
- https://security.netapp.com/advisory/ntap-20191107-0001/