CVE-2005-2797 — Openssh vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 27.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedSep 6

Latest updateMay 3

Description

OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:4.2p1-1+3

▶NVDopenbsd/openssh4.0

Patches

Patch: secunia.com ↗Patch: www.mindrot.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-c9fh-84vx-4p2p: OpenSSH 4↗2022-05-03

▶

CVEList

CVE-2005-2797: OpenSSH 4↗2005-09-06

▶

OSV

CVE-2005-2797: OpenSSH 4↗2005-09-06

▶

📋Vendor Advisories

Debian

CVE-2005-2797: openssh - OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic por...↗2005

▶

Red Hat

CVE-2005-2797: OpenSSH 4↗

▶