All the vulnerabilites related to ssh - tectia_manager
Vulnerability from fkie_nvd
Published
2006-10-24 22:07
Modified
2024-11-21 00:19
Severity ?
Summary
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_client | * | |
| ssh | tectia_connector | * | |
| ssh | tectia_manager | * | |
| ssh | tectia_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E317E29-0436-4DE5-BEAE-360919F81533",
"versionEndIncluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD202BF8-1A73-44DA-93FB-DA21A7825B93",
"versionEndIncluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "821AFCAC-3769-4891-B62C-042803023BB7",
"versionEndIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F63849B9-02E1-4361-9686-8C90C7ADDA72",
"versionEndIncluding": "5.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339."
},
{
"lang": "es",
"value": "SSH Tectia Client/Server/Connector 5.1.0 y anteriores, Manager 2.2.0 y anteriores, y otros productos, al usar una clave RSA con exponente 3, borra el relleno PKCS-1 antes de generar un hash, lo cual permite a atacantes remotos forjar una firma PKCS #1 v1.5 que es firmada por esa clave RSA y evita que Tectia verifique correctamente certificados X.509 y otros certificados que usan PKCS #1, un asunto similar a CVE-2006-4339."
}
],
"evaluatorSolution": "Update to a fixed version",
"id": "CVE-2006-5484",
"lastModified": "2024-11-21T00:19:24.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-24T22:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/22350"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1017060"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1017061"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/845620"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2006/4032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/22350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1017060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1017061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/845620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2006/4032"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-23 22:04
Modified
2024-11-21 00:15
Severity ?
Summary
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_manager | 1.2 | |
| ssh | tectia_manager | 1.3 | |
| ssh | tectia_manager | 1.4 | |
| ssh | tectia_manager | 2.0 | |
| ssh | tectia_manager | 2.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "53793268-B61F-4730-8786-F22860B1270B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "207A0CC3-240E-467E-A82D-DB9751378C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23D62693-EA3F-406E-AC66-79B1CD566F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25CE63BE-9056-408C-90D2-6E2CA2E258F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF059D3-7250-44F9-9337-AD66A0F28071",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the \"Restart\" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user\u0027s program and restart it with root privileges."
},
{
"lang": "es",
"value": "El agente de administraci\u00f3n de SSH Tectia (SSH Tectia Management Agent 2.1.2) permite a usuarios locales obtener privilegios de root ejecutando un programa con nombre sshd, lo que se consigue mediante un listado de procesos cuando la acci\u00f3n \"Reiniciar\" (Restart) se selecciona desde la interfaz gr\u00e1fica de usuario (GUI) del servidor de administraci\u00f3n, lo cual provoca que el agente localice el nombre de ruta del programa del usuario y lo reinicie con privilegios de root."
}
],
"id": "CVE-2006-4316",
"lastModified": "2024-11-21T00:15:39.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-23T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21559"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016744"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28159"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19677"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/776/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/776/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28561"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-23 22:04
Modified
2024-11-21 00:15
Severity ?
Summary
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6693DC2D-CDA1-4E37-9569-58874F55A48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16CDE975-9E08-493B-9385-3EC2CABC4A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A63EA6B-2400-48C4-924D-3509971CCBEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0658F08E-2596-4D8E-91AA-44A9DBE8F151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "74169893-A34F-49FB-8C83-36C4AA808925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "013E94CC-AF68-44D0-826F-28B1825A8DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9981E30-0D54-4464-8287-E450E7E8F770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED17577-F56D-48DF-8863-B4FF039C47D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A91E2-C93E-49F4-B349-8E4CEC285C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7244A-BFF7-4C7C-82FF-6B53236DB86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BADA4CC-FC94-427A-AF93-9AAFDAADDB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1D6B7F-8B52-42C0-8613-740CACFB3463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5024EC6-2A47-4ACE-A661-B78D314C7D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA64A6E8-0EB7-4BCA-A7AA-245A466C2F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5058DC44-835D-4BD9-B550-E5CB22F6475F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "23ED4911-6CF5-4562-B421-A328D7BE0291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F3388A-39FA-4A3A-819A-764A16AAEB54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "81DDF3D8-35EA-4677-B1AC-1CA674EEBCD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F37366E9-F1B6-4458-AE1C-790405AC8740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C727829-5E3A-41F6-BAB3-01AED39674D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF57477-FB53-49CC-BAD4-CDC0FD9363F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65FB72FC-37EE-4D42-893E-9C0924EEA2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B18D681B-ACE1-47E3-851D-57DA47D1E2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F470797-BBE4-4360-A38A-2722B8CF3BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6587AA-E91D-4194-81D0-FCF1AA382CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D921A61E-D401-404E-B539-DAFE05D001F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30A3B9E9-3643-443B-A19A-2AE989832C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "207A0CC3-240E-467E-A82D-DB9751378C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23D62693-EA3F-406E-AC66-79B1CD566F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF059D3-7250-44F9-9337-AD66A0F28071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4480D2-1B5C-443D-8D7F-976885C33BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "795DEA94-79D6-4132-B205-AB098E92216A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD05A3E8-105D-4712-8BBE-2D5CF4F78890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6691FF-77F2-4AE3-B49F-BFB8744AD046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "075B6E8D-4C4B-4E98-94C6-52B842BE65FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "27B99F6E-712C-4205-9185-26F543EFC881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF0262B-1451-40CA-9DD1-F2DEA793BD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C27E0224-9431-49EF-8B32-850CDF6FFFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88A88A21-7427-4452-8C2A-6C31542FA83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DCEAA0-509A-4978-BE53-0CBE084366FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3203DC73-05F2-4A28-9E62-3D87B482586A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BDA1AAC-3FCF-47D8-A6B4-9DB0D776CE14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64F4CDF1-695A-4677-A829-74BB365BF4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEF55DD-FC87-42A3-9DAF-9862AA9649CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FA974-7671-4FB7-BB36-274B5970EBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C2BA84-A520-489E-AF08-F3D35B0D580B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "011F841A-4F1B-49B2-B379-9FE126141568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C54819-CF51-4BBE-873F-4A0E2072D10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "802C46F0-0FE2-42BD-910A-08CC9639BC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2E96C8-F8F8-4002-B242-3ADDF1E84B7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under \"Program Files\" or its subdirectories."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta no confiable en la b\u00fasqueda no literal de Windows en m\u00faltiples productos SSH de Tectia, incluyendo el Client/Server/Connector 5.0.0 y 5.0.1 y Client/Server anterior a 4.4.5, y Manager 2.12 y anteriores, cuando se ejecutan en Windows, podr\u00edan permitir a usuarios locales escalar privilegios mediante un archivo de programa malicioso en \"Archivos de Programa\" o sus subdirectorios."
}
],
"id": "CVE-2006-4315",
"lastModified": "2024-11-21T00:15:39.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-23T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016743"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19679"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2006-4315
Vulnerability from cvelistv5
Published
2006-08-23 22:00
Modified
2024-08-07 19:06
Severity ?
EPSS score ?
Summary
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/19679 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1016743 | vdb-entry, x_refsource_SECTRACK | |
| http://www.ssh.com/company/news/2006/english/security/article/775/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28566 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19679",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19679"
},
{
"name": "1016743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016743"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"name": "ssh-tectia-pathname-privilege-escalation(28566)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under \"Program Files\" or its subdirectories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19679",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19679"
},
{
"name": "1016743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016743"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"name": "ssh-tectia-pathname-privilege-escalation(28566)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under \"Program Files\" or its subdirectories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19679"
},
{
"name": "1016743",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016743"
},
{
"name": "http://www.ssh.com/company/news/2006/english/security/article/775/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"name": "ssh-tectia-pathname-privilege-escalation(28566)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4315",
"datePublished": "2006-08-23T22:00:00",
"dateReserved": "2006-08-23T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4316
Vulnerability from cvelistv5
Published
2006-08-23 22:00
Modified
2024-08-07 19:06
Severity ?
EPSS score ?
Summary
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28561 | vdb-entry, x_refsource_XF | |
| http://www.ssh.com/company/news/2006/english/security/article/776/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/19677 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/28159 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1016744 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/21559 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ssh-tectia-restart-privilege-escalation(28561)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28561"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/776/"
},
{
"name": "19677",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19677"
},
{
"name": "28159",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28159"
},
{
"name": "1016744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016744"
},
{
"name": "21559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21559"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the \"Restart\" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user\u0027s program and restart it with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ssh-tectia-restart-privilege-escalation(28561)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28561"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/776/"
},
{
"name": "19677",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19677"
},
{
"name": "28159",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28159"
},
{
"name": "1016744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016744"
},
{
"name": "21559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21559"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the \"Restart\" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user\u0027s program and restart it with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ssh-tectia-restart-privilege-escalation(28561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28561"
},
{
"name": "http://www.ssh.com/company/news/2006/english/security/article/776/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/news/2006/english/security/article/776/"
},
{
"name": "19677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19677"
},
{
"name": "28159",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28159"
},
{
"name": "1016744",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016744"
},
{
"name": "21559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21559"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4316",
"datePublished": "2006-08-23T22:00:00",
"dateReserved": "2006-08-23T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5484
Vulnerability from cvelistv5
Published
2006-10-24 22:00
Modified
2024-08-07 19:55
Severity ?
EPSS score ?
Summary
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1017060 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/22350 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/4032 | vdb-entry, x_refsource_VUPEN | |
| http://www.ssh.com/company/news/2006/english/security/article/786/ | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/845620 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1017061 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:52.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017060"
},
{
"name": "22350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22350"
},
{
"name": "ADV-2006-4032",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4032"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
},
{
"name": "VU#845620",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/845620"
},
{
"name": "1017061",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017060"
},
{
"name": "22350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22350"
},
{
"name": "ADV-2006-4032",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4032"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
},
{
"name": "VU#845620",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/845620"
},
{
"name": "1017061",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017060",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017060"
},
{
"name": "22350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22350"
},
{
"name": "ADV-2006-4032",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4032"
},
{
"name": "http://www.ssh.com/company/news/2006/english/security/article/786/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
},
{
"name": "VU#845620",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/845620"
},
{
"name": "1017061",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5484",
"datePublished": "2006-10-24T22:00:00",
"dateReserved": "2006-10-24T00:00:00",
"dateUpdated": "2024-08-07T19:55:52.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}