Debian OpenSSH vulnerabilities

CVE-2003-0190 [MEDIUM] CVE-2003-0190: openssh - OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediat... OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. Scope: local bookworm: resolved (fixed in 1:3.8.1p1-8.sarge.4) bullseye: resolved (fixed in 1:3.8.1p1-8.sarge.4) forky: resolved (fixed in 1:3.8.1p1-8.sa

CVE-2003-1119 [MEDIUM] CVE-2003-1119: openssh - SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of servi... SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2003-1562 [MEDIUM] CVE-2003-1562: openssh - sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using ... sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerab

CVE-2002-0639 [CRITICAL] CVE-2002-0639: openssh - Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to... Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication. Scope: local bookworm: resolved (fixed in 1:3.4) bullseye: resolved (fixed in 1:3.4) forky: resolved (fixed in 1:3.4) sid: resolved

CVE-2002-0765 [HIGH] CVE-2002-0765: openssh - sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions... sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password. Scope: local bookworm: resolved (fixed in 1:3.3p1-0.0woody1) bullseye: resolved (fixed in 1:3.3p1-0.0woody1) forky: resolved (fixed in 1:3.3p1-0.0woody1) sid: resolved (fixed in 1:3.3p1-0.0woody1) trixi

CVE-2002-0640 [CRITICAL] CVE-2002-0640: openssh - Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers ... Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt). Scope: local bookworm: resolved (fixed in 1:3.4) bullseye: resolved (fixed in 1:3.

CVE-2002-1360 [CRITICAL] CVE-2002-1360: openssh - Multiple SSH2 servers and clients do not properly handle strings with null chara... Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated

CVE-2002-1359 [CRITICAL] CVE-2002-1359: openssh - Multiple SSH2 servers and clients do not properly handle large packets or large ... Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resol

CVE-2002-1715 [HIGH] CVE-2002-1715: openssh - SSH 1 through 3, and possibly other versions, allows local users to bypass restr... SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2002-1358 [CRITICAL] CVE-2002-1358: openssh - Multiple SSH2 servers and clients do not properly handle lists with empty elemen... Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2002-1357 [CRITICAL] CVE-2002-1357: openssh - Multiple SSH2 servers and clients do not properly handle packets or data element... Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resol

CVE-2001-1507 [HIGH] CVE-2001-1507: openssh - OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate user... OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. Scope: local bookworm: resolved (fixed in 1:3.0.1) bullseye: resolved (fixed in 1:3.0.1) forky: resolved (fixed in 1:3.0.1) sid: resolved (fixed in 1:3.0.1) trixie: resolved (fixed in 1:3.0.1)

CVE-2001-1459 [HIGH] CVE-2001-1459: openssh - OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM... OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. Scope: local bookworm: resolved (fixed in 1:3.0.1p1-1) bullseye: resolved (fixed in 1:3.0.1p1-1) forky: resolved (fixed in 1:3.0.1p1-1) sid: resolved (fixed in 1:3.0.1

CVE-2001-1585 [MEDIUM] CVE-2001-1585: openssh - SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot... SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_ke

CVE-2000-0992 [MEDIUM] CVE-2000-0992: openssh - Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote maliciou... Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack. Scope: local bookworm: resolved (fixed in 1:3.9p1-1) bullseye: resolved (fixed in 1:3.9p1-1) forky: resolved (fixed in 1:3.9p1-1) sid: resolved (fixed in 1:3.9p1-1) trixie: resolved (fixed in 1:3.9p1-1)