Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ssh | First view | 1999-05-13 |
| Product | ssh2 | Last view | 2002-12-31 |
| Version | 2.0.2 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ssh:ssh2 | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.2 | 2002-12-31 | CVE-2002-1715 | SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. |
| 5.1 | 2000-02-24 | CVE-2000-0217 | The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. |
| 5 | 1999-06-09 | CVE-1999-1231 | ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server. |
| 7.5 | 1999-05-13 | CVE-1999-1029 | SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs. |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 23589 | SSH Directory Permission Weakness Restricted Shell Bypass |
| 8036 | ssh Account Name Validity Disclosure |
| 8035 | SSH Server sshd2 Failed Login Attempt Logging Failure |
| 1229 | SSH client xauth Session Hijacking |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2011-10-04 | Name: The remote host has an application installed that is affected by a session hi... File: openssh_123.nasl - Type: ACT_GATHER_INFO |
