All the vulnerabilites related to ssh - tectia_server
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_server | 4.0.3 | |
| ssh | tectia_server | 4.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "795DEA94-79D6-4132-B205-AB098E92216A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD05A3E8-105D-4712-8BBE-2D5CF4F78890",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server\u0027s private key."
}
],
"id": "CVE-2003-1120",
"lastModified": "2024-11-20T23:46:24.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11193"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/alerts/2004/Mar/1009532.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/814198"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4491"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/9956"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ssh.com/company/newsroom/article/520/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/alerts/2004/Mar/1009532.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/814198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/9956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ssh.com/company/newsroom/article/520/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15585"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-17 00:03
Modified
2024-11-21 00:03
Severity ?
Summary
SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_server | 5.0.0_a | |
| ssh | tectia_server | 5.0.0_f | |
| ssh | tectia_server | 5.0.0_t |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.0_a:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2CD26F-FB34-4F6D-B2E1-EC3C26FBD435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.0_f:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4298CE-29D5-4A3E-B6FA-D7BA6A781C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.0_t:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9CBA9-DE79-4006-B973-7C1388E1A28C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials."
}
],
"id": "CVE-2005-4310",
"lastModified": "2024-11-21T00:03:56.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-17T00:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18001"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015368"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15903"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/newsroom/article/694/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/newsroom/article/694/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2929"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-23 22:04
Modified
2024-11-21 00:15
Severity ?
Summary
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6693DC2D-CDA1-4E37-9569-58874F55A48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16CDE975-9E08-493B-9385-3EC2CABC4A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A63EA6B-2400-48C4-924D-3509971CCBEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0658F08E-2596-4D8E-91AA-44A9DBE8F151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "74169893-A34F-49FB-8C83-36C4AA808925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "013E94CC-AF68-44D0-826F-28B1825A8DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9981E30-0D54-4464-8287-E450E7E8F770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED17577-F56D-48DF-8863-B4FF039C47D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A91E2-C93E-49F4-B349-8E4CEC285C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7244A-BFF7-4C7C-82FF-6B53236DB86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BADA4CC-FC94-427A-AF93-9AAFDAADDB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1D6B7F-8B52-42C0-8613-740CACFB3463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5024EC6-2A47-4ACE-A661-B78D314C7D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA64A6E8-0EB7-4BCA-A7AA-245A466C2F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5058DC44-835D-4BD9-B550-E5CB22F6475F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "23ED4911-6CF5-4562-B421-A328D7BE0291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F3388A-39FA-4A3A-819A-764A16AAEB54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "81DDF3D8-35EA-4677-B1AC-1CA674EEBCD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F37366E9-F1B6-4458-AE1C-790405AC8740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C727829-5E3A-41F6-BAB3-01AED39674D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF57477-FB53-49CC-BAD4-CDC0FD9363F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65FB72FC-37EE-4D42-893E-9C0924EEA2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B18D681B-ACE1-47E3-851D-57DA47D1E2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F470797-BBE4-4360-A38A-2722B8CF3BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6587AA-E91D-4194-81D0-FCF1AA382CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D921A61E-D401-404E-B539-DAFE05D001F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30A3B9E9-3643-443B-A19A-2AE989832C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "207A0CC3-240E-467E-A82D-DB9751378C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23D62693-EA3F-406E-AC66-79B1CD566F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF059D3-7250-44F9-9337-AD66A0F28071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4480D2-1B5C-443D-8D7F-976885C33BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "795DEA94-79D6-4132-B205-AB098E92216A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD05A3E8-105D-4712-8BBE-2D5CF4F78890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6691FF-77F2-4AE3-B49F-BFB8744AD046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "075B6E8D-4C4B-4E98-94C6-52B842BE65FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "27B99F6E-712C-4205-9185-26F543EFC881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF0262B-1451-40CA-9DD1-F2DEA793BD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C27E0224-9431-49EF-8B32-850CDF6FFFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88A88A21-7427-4452-8C2A-6C31542FA83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DCEAA0-509A-4978-BE53-0CBE084366FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3203DC73-05F2-4A28-9E62-3D87B482586A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BDA1AAC-3FCF-47D8-A6B4-9DB0D776CE14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64F4CDF1-695A-4677-A829-74BB365BF4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEF55DD-FC87-42A3-9DAF-9862AA9649CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FA974-7671-4FB7-BB36-274B5970EBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C2BA84-A520-489E-AF08-F3D35B0D580B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "011F841A-4F1B-49B2-B379-9FE126141568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C54819-CF51-4BBE-873F-4A0E2072D10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "802C46F0-0FE2-42BD-910A-08CC9639BC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2E96C8-F8F8-4002-B242-3ADDF1E84B7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under \"Program Files\" or its subdirectories."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta no confiable en la b\u00fasqueda no literal de Windows en m\u00faltiples productos SSH de Tectia, incluyendo el Client/Server/Connector 5.0.0 y 5.0.1 y Client/Server anterior a 4.4.5, y Manager 2.12 y anteriores, cuando se ejecutan en Windows, podr\u00edan permitir a usuarios locales escalar privilegios mediante un archivo de programa malicioso en \"Archivos de Programa\" o sus subdirectorios."
}
],
"id": "CVE-2006-4315",
"lastModified": "2024-11-21T00:15:39.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-23T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016743"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19679"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/15894 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.ssh.com/company/newsroom/article/653/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/15894 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ssh.com/company/newsroom/article/653/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_server | 4.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF0262B-1451-40CA-9DD1-F2DEA793BD61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server."
}
],
"id": "CVE-2005-2146",
"lastModified": "2024-11-20T23:58:53.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15894"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/newsroom/article/653/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/15894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/newsroom/article/653/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-24 22:07
Modified
2024-11-21 00:19
Severity ?
Summary
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_client | * | |
| ssh | tectia_connector | * | |
| ssh | tectia_manager | * | |
| ssh | tectia_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E317E29-0436-4DE5-BEAE-360919F81533",
"versionEndIncluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD202BF8-1A73-44DA-93FB-DA21A7825B93",
"versionEndIncluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "821AFCAC-3769-4891-B62C-042803023BB7",
"versionEndIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F63849B9-02E1-4361-9686-8C90C7ADDA72",
"versionEndIncluding": "5.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339."
},
{
"lang": "es",
"value": "SSH Tectia Client/Server/Connector 5.1.0 y anteriores, Manager 2.2.0 y anteriores, y otros productos, al usar una clave RSA con exponente 3, borra el relleno PKCS-1 antes de generar un hash, lo cual permite a atacantes remotos forjar una firma PKCS #1 v1.5 que es firmada por esa clave RSA y evita que Tectia verifique correctamente certificados X.509 y otros certificados que usan PKCS #1, un asunto similar a CVE-2006-4339."
}
],
"evaluatorSolution": "Update to a fixed version",
"id": "CVE-2006-5484",
"lastModified": "2024-11-21T00:19:24.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-24T22:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/22350"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1017060"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1017061"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/845620"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2006/4032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/22350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1017060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1017061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/845620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2006/4032"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-04 23:55
Modified
2024-11-21 01:45
Severity ?
Summary
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_server | 6.0.4 | |
| ssh | tectia_server | 6.0.5 | |
| ssh | tectia_server | 6.0.6 | |
| ssh | tectia_server | 6.0.7 | |
| ssh | tectia_server | 6.0.8 | |
| ssh | tectia_server | 6.0.9 | |
| ssh | tectia_server | 6.0.10 | |
| ssh | tectia_server | 6.0.11 | |
| ssh | tectia_server | 6.0.12 | |
| ssh | tectia_server | 6.0.13 | |
| ssh | tectia_server | 6.0.14 | |
| ssh | tectia_server | 6.0.17 | |
| ssh | tectia_server | 6.0.18 | |
| ssh | tectia_server | 6.0.19 | |
| ssh | tectia_server | 6.0.20. | |
| ssh | tectia_server | 6.1.0 | |
| ssh | tectia_server | 6.1.1 | |
| ssh | tectia_server | 6.1.2 | |
| ssh | tectia_server | 6.1.3 | |
| ssh | tectia_server | 6.1.4 | |
| ssh | tectia_server | 6.1.5 | |
| ssh | tectia_server | 6.1.6 | |
| ssh | tectia_server | 6.1.7 | |
| ssh | tectia_server | 6.1.8 | |
| ssh | tectia_server | 6.1.9 | |
| ssh | tectia_server | 6.1.12 | |
| ssh | tectia_server | 6.2.0 | |
| ssh | tectia_server | 6.2.1 | |
| ssh | tectia_server | 6.2.2 | |
| ssh | tectia_server | 6.2.3 | |
| ssh | tectia_server | 6.2.4 | |
| ssh | tectia_server | 6.2.5 | |
| ssh | tectia_server | 6.3.0 | |
| ssh | tectia_server | 6.3.1 | |
| ssh | tectia_server | 6.3.2 | |
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DB98ADBD-7FBB-4495-A71B-8EF9A6EAC33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A610861C-E99E-461C-9DD4-22C9BB7E219C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "773953BC-6509-4206-93F9-81ECE5990723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "00C4BCD3-9323-4C54-9610-2A68EB054E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "108C7BFB-2482-40C6-BC4B-3746796A750F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5E11B76A-2E1A-42C8-8B0F-115FC90E3A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2281860D-6801-4858-A2EF-C3691905456F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "42801462-CD60-4FEA-A199-2AF807DA2970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAC9A2F-0D00-4869-A86F-9375B2A2B49F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C81A0737-CA31-48DB-9A61-3B22014D1C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B65A2C5C-8B1F-4C47-9D0C-0AB8B8EA2AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7C282A-D585-4D7C-9879-9CB952F18271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA14E65-1271-436D-8FCF-58A31AF8AE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2802C37C-39B3-4EC7-B268-C922CADE23CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.20.:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA77C94-46B3-40D1-A25D-F22ACE14B1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3013570A-EEBA-4F29-949C-4AF9CC891997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F83F52D-02C8-4882-A109-3123B5A4AF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F037ED-158F-4775-BBDC-5FC2890D4200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E27B394-FF7F-4F9F-8882-94EB73183CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E08A8238-AE4F-4B6E-9894-F0536D31C09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E3CE1F0-ADB8-42E6-AF1F-5D4EB9E13768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "270325E5-04BB-43B5-AF56-EFA0C2797179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3499DC6A-1FA5-442E-9A4F-84DC44806BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "48699828-47BD-4A87-B98C-4424DD4946B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "966CB478-D7FD-4565-A528-D0E7690BADEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "321FAB7F-C072-4662-B6E9-43C6C38B0CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDFC77D-A5FE-4D9E-9EB9-961227227B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E63E80-645C-435A-A5F6-24C49AA33050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D3547A-9F13-4BAD-B07B-77231BFD1C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ED945745-3C99-4471-B5B9-98A2D3816E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "246E9AC7-10AC-4FB2-B084-225A3A8127E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "908376D1-27E1-4442-A81A-D270C8474072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDF6B13-118D-4282-851B-C278522F35E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "056BA569-291B-4F48-BA05-4BA88A7DC741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C53B37-E60A-4D52-B38A-B8A8710A8ED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c."
},
{
"lang": "es",
"value": "La caracter\u00edstica SSH USERAUTH CHANGE REQUEST en SSH Tectia Server v6.0.4 hasta v6.0.20, v6.1.0 hasta v6.1.12, v6.2.0 hasta v6.2.5, y v6.3.0 hasta v6.3.2 en UNIX y Linux, cuando el estilo viejo de autenticaci\u00f3n (old-style password authentication is) est\u00e1 activada, permite a atacantes remotos evitar la autenticaci\u00f3n a trav\u00e9s de una sesi\u00f3n manipulada que implica la entrada de contrase\u00f1as en blanco, como se demuestra por una sesi\u00f3n de login de root de un cliente OpenSSH modificados con una llamada adicional input_userauth_passwd_changereq en sshconnect2.c."
}
],
"id": "CVE-2012-5975",
"lastModified": "2024-11-21T01:45:37.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-04T23:55:00.973",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/23082/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/23082/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-15 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_client | * | |
| ssh | tectia_connectsecure | - | |
| ssh | tectia_server | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F19AD707-E08D-4D78-AE68-46806EBABE3B",
"versionEndExcluding": "6.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "058495B9-2E81-4400-9A70-8E58A623BA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B662B1-6336-41F2-A5CA-55E875E43718",
"versionEndExcluding": "6.4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected."
},
{
"lang": "es",
"value": "SSH Tectia Client and Server versiones anteriores a 6.4.19 en Windows, permiten una escalada de privilegios locales en condiciones no est\u00e1ndar.\u0026#xa0;ConnectSecure en Windows est\u00e1 afectado"
}
],
"id": "CVE-2021-27893",
"lastModified": "2024-11-21T05:58:43.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-15T15:15:15.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27893"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-19 17:30
Modified
2024-11-21 00:53
Severity ?
Summary
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B042083-6D26-4A91-B3F6-E6D46266FF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6693DC2D-CDA1-4E37-9569-58874F55A48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16CDE975-9E08-493B-9385-3EC2CABC4A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A63EA6B-2400-48C4-924D-3509971CCBEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0658F08E-2596-4D8E-91AA-44A9DBE8F151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "74169893-A34F-49FB-8C83-36C4AA808925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "013E94CC-AF68-44D0-826F-28B1825A8DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9981E30-0D54-4464-8287-E450E7E8F770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED17577-F56D-48DF-8863-B4FF039C47D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B74A91E2-C93E-49F4-B349-8E4CEC285C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.1j:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7244A-BFF7-4C7C-82FF-6B53236DB86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BADA4CC-FC94-427A-AF93-9AAFDAADDB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.2j:*:*:*:*:*:*:*",
"matchCriteriaId": "1356E837-2CF3-4AF9-80DD-FA2A97B3B2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1D6B7F-8B52-42C0-8613-740CACFB3463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5024EC6-2A47-4ACE-A661-B78D314C7D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA64A6E8-0EB7-4BCA-A7AA-245A466C2F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5058DC44-835D-4BD9-B550-E5CB22F6475F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "23ED4911-6CF5-4562-B421-A328D7BE0291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F3388A-39FA-4A3A-819A-764A16AAEB54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.3.9k:*:*:*:*:*:*:*",
"matchCriteriaId": "C90B0480-C558-41BD-A16C-AD63DA1C09C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "81DDF3D8-35EA-4677-B1AC-1CA674EEBCD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F37366E9-F1B6-4458-AE1C-790405AC8740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C727829-5E3A-41F6-BAB3-01AED39674D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF57477-FB53-49CC-BAD4-CDC0FD9363F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65FB72FC-37EE-4D42-893E-9C0924EEA2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D863ED8D-2B63-4497-B250-6AFA29D6D9D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BF5D4C-DFF8-4094-82A6-A1302169CD43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C5413C-47F1-4E3B-B618-2AECECA780FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "490A294D-AB7C-45C2-B887-1C3D2992AD91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "43712853-9002-4778-9036-754262880B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "41A83090-D05D-40DD-AA29-F032CC165A9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BCE145-44F4-4FED-8936-3AEBF8B38357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.0f:*:*:*:*:*:*:*",
"matchCriteriaId": "888C2DE3-2874-4310-9584-3AC96A82C306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6587AA-E91D-4194-81D0-FCF1AA382CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "237D84A0-3FC3-4CFD-9454-ACD9E42DCC4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B2C7F5-8182-48B8-AA8A-C0F45978D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "F5EAC7A0-CD7D-4AE9-8421-9CDFFD073B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17855D5D-BDF5-48D3-9D71-694A3D41A826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.0.3f:*:*:*:*:*:*:*",
"matchCriteriaId": "3915E4A8-6CCF-44A3-85B9-70651137C084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5DEDB4-7E16-4356-B080-09BCDA68772F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9DBDC7-DDF0-4596-84BC-E4E05F47F938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA61F9-CE29-47B0-AF2A-B1045A59018E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B338837-6346-48FC-A4D7-011EC20ACF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8644D458-786D-4310-BAA8-40B2E27EA966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4746C2E-91B1-4341-9CCD-78191BDF9A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3FCC3E-F3D5-4F90-B64F-85576E8B776B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17672CBB-A79F-4B91-9B01-193F960A4611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "177E5CE0-A518-447F-9397-FC527E367077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C808743-BFAF-4BB4-B0F0-13DF2C7D5531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB90715C-E50C-4682-8C94-DE5CBCAA9965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8F8009-3586-4989-B180-2F46503DA59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "44DDAAA8-185D-47FE-8434-E2FC000BD926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E5D670-FB1F-4560-A5A0-149FB4FCD2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "49A0662D-9356-4DC9-8082-58DBEE5C65FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4E858413-3408-4A77-B56D-5016959FC690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:5.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB475D-7996-48B3-8886-9000C6230414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E56BFE1-044A-45AC-BF9C-C0CFBD2F8C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E72BBCB-636C-4939-90B7-308223E433EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5884968-F218-4CD4-AD4B-4C0CD26EF674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "56FD197E-27E9-4AF4-8A84-E1D0A7FD14DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCD63A2-B666-4F5E-9D17-ED38B0BF973C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "63E32B6A-AF41-4AEA-B55B-52B821106D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC18FBF-1C2E-4D2F-9D3C-C6578CCBDB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0824B78E-EB43-4D74-9062-79D0F273B06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A76B02F-C2C8-4A35-A60A-EC74F43B8895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD470B-274F-421C-AD4D-6D076935D741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C30FE48E-857E-441C-B497-B6E541D2913F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A813EED-25AC-4191-92E8-58C1BC7D1E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8719CEF9-6753-495B-9ACB-9E323CB7BCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "553D3277-1B91-4998-A610-7E5D3E2C1413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17886B3D-394C-4C94-93B2-FAB23B45C880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7584F9C5-41E9-4F84-9849-B5D604BB55A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "00008DAA-F66D-484B-941B-944F3E684981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF4DE0B-ED77-49CE-AE0C-2AF2AE35FB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "38EF9A76-6D83-4C99-A1DE-DC7E5AF28731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3C13F8DE-007E-467E-9872-9C4A951F1EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "698824F0-DDFA-4469-8D42-59A56ACD6B5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30A3B9E9-3643-443B-A19A-2AE989832C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F86A43A5-0906-405E-B3D0-250DA24A9093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3126AFB2-A043-4C51-8402-D36D2F62AA73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D37C5-5C79-46F9-97B7-555E48C53796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A817B6-CD13-4E0A-99DD-C5C39DF04C8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6F7054-6EDF-4F25-945E-E24F00A4A2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16BEBCBF-8826-4451-9B6B-802BD8A4FA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59F1EE63-6CF7-440D-BC5B-23D721996275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C446EEE-3D06-485D-A031-2DA2A6501712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F90B0C0-1CA9-47F8-B603-D6C15CF33352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7292ADB-5D2C-4569-93B5-76125D71E3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2810AD0C-4C6F-4B07-8D72-2D640219AE82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "06C3FAFB-90D2-4C6D-A210-27297926433E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connector:5.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "78E26C82-CA31-4EBB-9635-D895B04D90E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "170C4ADE-68C7-4F73-BD64-800D8E07F5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB022A4-BFF0-4154-A8B6-C38B6C09A1BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "026CCB02-C710-4AEA-B002-852AD4A3DCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02ACCEFF-1301-4118-BFCA-877F7A1D84B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "625EE79F-33C9-4272-A37C-F82921950EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4480D2-1B5C-443D-8D7F-976885C33BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "795DEA94-79D6-4132-B205-AB098E92216A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD05A3E8-105D-4712-8BBE-2D5CF4F78890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6691FF-77F2-4AE3-B49F-BFB8744AD046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E58648AC-7288-46EC-B2BB-0805626BA31C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8A31AD-D2E8-45DC-BF80-BD102B1FBC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62FBDA08-566F-4D21-8186-4A287FD2F107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1DB64D-028A-422F-B106-873A45789A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12509D69-71AF-48AF-986F-04A7E248011A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "075B6E8D-4C4B-4E98-94C6-52B842BE65FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDF9DB2-6C3D-4BF5-BF55-818C3932CF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "27B99F6E-712C-4205-9185-26F543EFC881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F31FAA8F-EE03-4A7F-B0DE-BB4CE998FEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF0262B-1451-40CA-9DD1-F2DEA793BD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C27E0224-9431-49EF-8B32-850CDF6FFFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88A88A21-7427-4452-8C2A-6C31542FA83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DCEAA0-509A-4978-BE53-0CBE084366FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3203DC73-05F2-4A28-9E62-3D87B482586A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BDA1AAC-3FCF-47D8-A6B4-9DB0D776CE14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64F4CDF1-695A-4677-A829-74BB365BF4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEF55DD-FC87-42A3-9DAF-9862AA9649CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61188360-C55E-47AD-8C3E-043689249DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A5BCE08-8940-4658-A4D7-5CAD33D3751C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0FA974-7671-4FB7-BB36-274B5970EBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "011F841A-4F1B-49B2-B379-9FE126141568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C54819-CF51-4BBE-873F-4A0E2072D10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "743C5472-860C-48A6-AED7-BB00B6E91440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2094ACB3-635A-437D-AF0E-4BFEB496EDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40BE9A01-DEE5-4CD4-8C01-6689707A47EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2838C7E9-F247-491B-AAD1-680927044C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB99E2A-AF4D-4436-9C4F-EB043F8D16A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "86E5680C-2E57-4BFA-9D60-B560BA819039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83D8769C-E438-4805-955A-4EA7A274F036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2E96C8-F8F8-4002-B242-3ADDF1E84B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2ADC814-3F33-47F6-AE27-7233F5D337AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B56052F-6768-41D6-9E91-F1377EB4E122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9803DD4B-C48D-45EA-8154-C1C626DBDED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "702A52AE-4E48-4138-8856-9EBE5A8DA964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.1:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "B8C108AB-0C7C-4B58-8B54-C92C95A6B65D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "509B3B08-533C-46CE-B53F-5A2BFC553C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F992DB-F70C-4473-8C33-B5F59BD83A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84D8E570-70B9-42CF-9764-238AAF6B380F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "9E582465-CC4A-4827-8C1F-548F01D6FCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.1:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "60515678-F93E-46CC-94EF-0EF9B2091D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4054251B-98C7-4AC9-B610-BA0EB250972C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.2:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "5B4AC671-C67D-46EC-9FB2-720F0DC3D4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6A93E9C5-91A4-4FC1-871B-ECE0E0FAFAA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "958F4FB0-C7DA-48D8-9500-A4A43ED807E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D772EE8-FB18-4431-89D8-FAF42797A2DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "A3A30FB0-35AB-4CF2-B74D-68015044770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75DA0AC9-E2BF-40C7-B970-43D0283FCC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA26CDDC-24FD-4FFD-BA5E-79F55BC8DA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1003EDA5-E22E-4A4E-A289-660E823EE71F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "844003FE-63E9-4E2F-83E6-02798B753FB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED73DCC-6501-4DA8-B0C0-45F1A6E97BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "711A3119-3390-48A9-8579-1D768D66386D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "798BE0FE-52F1-4283-8A0D-3E769A3752C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9F77CD27-4E7E-4B4A-9363-FC87B611338A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.4.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "09B1AFF1-4F5D-42F0-A3A7-91BB9854B561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.4.1:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "01872E42-E249-48AB-9259-FF3B0F3CAA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.4.2:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "B73B06FD-3452-4900-AE09-44172A1EF174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.5.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "DC126AA4-30B6-429B-A981-E4F0BCE03DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.5.1:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "1932FFE5-DC06-4560-ADA7-4C993B8A880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67BA8F3E-57F3-4388-8CD0-431AAA8DDB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "2BDEED3F-3936-429C-957E-9E3EE455445C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71C39323-60AF-4CB5-BA5A-1F45353614F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.1:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "3FE3D768-A3CF-422A-9EE2-6256E3ADDBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8E4B95-A551-4839-995F-5667CD215540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B474CD5-DEC0-49DB-992D-658A3C573982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DB98ADBD-7FBB-4495-A71B-8EF9A6EAC33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:6.0.4:*:linux_ibm_zos:*:*:*:*:*",
"matchCriteriaId": "356A4B29-4BE7-4D33-8B64-CECCA6C24FAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors."
},
{
"lang": "es",
"value": "Error en el manejo del protocolo SSH en (1) SSH Tectia Client y Server y Connector 4v.0 a la v4.4.11, v5.0 a la v5.2.4, y v5.3 a la v5.3.8; Client y Server y ConnectSecure v6.0 a la v6.0.4; Server para Linux sobre IBM System z v6.0.4; Server para IBM z/OS v5.5.1 y anteriores, v6.0.0, y v6.0.1; y Client v4.0-J a la v4.3.3-J y v4.0-K a la v4.3.10-K; y (2) OpenSSH v4.7p1 y posiblemente otras versiones, cuando usan un algoritmo de bloque cifrado en el modo Cipher Block Chaining (CBC), facilita a los atacantes remotos el conseguir cierta informaci\u00f3n en texto plano desde cualquier bloque de texto cifrado de su elecci\u00f3n en una sessi\u00f3n SSH mediante vectores de ataque desconocidos."
}
],
"evaluatorComment": "http://securitytracker.com/alerts/2008/Nov/1021235.html\n\nCBC mode connections are affected",
"evaluatorSolution": "With a valid username and password patches are available at the following link:\nhttps://downloads.ssh.com/",
"id": "CVE-2008-5161",
"lastModified": "2024-11-21T00:53:25.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-19T17:30:00.670",
"references": [
{
"source": "cve@mitre.org",
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"source": "cve@mitre.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://openssh.org/txt/cbc.adv"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/49872"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50035"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50036"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32740"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32760"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32833"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33121"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33308"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34857"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36558"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3937"
},
{
"source": "cve@mitre.org",
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/958563"
},
{
"source": "cve@mitre.org",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32319"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021235"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021236"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021382"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/article/953/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openssh.org/txt/cbc.adv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/49872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/958563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ssh.com/company/news/article/953/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue was addressed for Red Hat Enterprise Linux 5 by\nhttps://rhn.redhat.com/errata/RHSA-2009-1287.html\n\nAfter reviewing the upstream fix for this issue, Red Hat does not intend to address this flaw in Red Hat Enterprise Linux 3 or 4 at this time.",
"lastModified": "2009-09-02T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-09 21:46
Modified
2024-11-21 00:38
Severity ?
Summary
ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_client | * | |
| ssh | tectia_client | * | |
| ssh | tectia_server | * | |
| ssh | tectia_server | * | |
| linux | linux_kernel | - | |
| opengroup | unix | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D56E908-9C03-4EDE-8073-6A694F8EA22B",
"versionEndExcluding": "5.2.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F18621-132A-4B0B-AA42-218182593597",
"versionEndExcluding": "5.3.6",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B22708-3E09-4CFD-B43C-1D3BEA9A0713",
"versionEndExcluding": "5.2.4",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42A5D80B-7C03-4E4E-9FDA-37359AFA639D",
"versionEndExcluding": "5.3.6",
"versionStartIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "ssh-signer en SSH Tectia Client y Server 5.x anterior a 5.2.4, y 5.3.x anterior a 5.3.6, sobre Unix y Linux permite a usuarios locales ganar privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2007-5616",
"lastModified": "2024-11-21T00:38:18.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-09T21:46:00.000",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/28247"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1019167"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/921339"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/WDON-7AMRRF"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/27191"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0078"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/28247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1019167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/921339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/WDON-7AMRRF"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/27191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39569"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-15 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_client | * | |
| ssh | tectia_connectsecure | - | |
| ssh | tectia_server | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F19AD707-E08D-4D78-AE68-46806EBABE3B",
"versionEndExcluding": "6.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "058495B9-2E81-4400-9A70-8E58A623BA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B662B1-6336-41F2-A5CA-55E875E43718",
"versionEndExcluding": "6.4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected."
},
{
"lang": "es",
"value": "SSH Tectia Client and Server versiones anteriores a 6.4.19 en Windows, permiten una escalada de privilegios locales.\u0026#xa0;ConnectSecure en Windows est\u00e1 afectado"
}
],
"id": "CVE-2021-27892",
"lastModified": "2024-11-21T05:58:43.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-15T15:15:15.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27892"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-15 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_client | * | |
| ssh | tectia_connectsecure | - | |
| ssh | tectia_server | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F19AD707-E08D-4D78-AE68-46806EBABE3B",
"versionEndExcluding": "6.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_connectsecure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "058495B9-2E81-4400-9A70-8E58A623BA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B662B1-6336-41F2-A5CA-55E875E43718",
"versionEndExcluding": "6.4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected."
},
{
"lang": "es",
"value": "SSH Tectia Client and Server versiones anteriores a 6.4.19 en Windows, presentan una generaci\u00f3n de claves d\u00e9bil.\u0026#xa0;ConnectSecure en Windows est\u00e1 afectado"
}
],
"id": "CVE-2021-27891",
"lastModified": "2024-11-21T05:58:43.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-15T15:15:15.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27891"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-18 03:19
Modified
2024-11-21 00:29
Severity ?
Summary
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssh | tectia_server | * | |
| ssh | tectia_server | 5.0 | |
| ssh | tectia_server | 5.1.0 | |
| ssh | tectia_server | 5.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssh:tectia_server:*:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "986BF359-0B74-40D1-8C19-A853A8801901",
"versionEndIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "73ED75A8-0F63-429D-BDEE-0F6DAE458A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.1.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "2CE168B7-863C-4920-80E9-DBD83E50013C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ssh:tectia_server:5.2.0:*:ibm_zos:*:*:*:*:*",
"matchCriteriaId": "9E582465-CC4A-4827-8C1F-548F01D6FCF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact."
},
{
"lang": "es",
"value": "SSH Tectia Server para IBM z/OS versiones anteriores a 5.4.0, usa permisos no seguros de escritura mundial para (1) el archivo pid del servidor, lo que permite a usuarios locales causar que sean detenidos procesos arbitrarios, o (2) cuando _BPX_BATCH_ UMASK est\u00e1 faltando en el entorno, crea archivos HFS con permisos no seguros, lo que permite a usuarios locales leer o modificar estos archivos y tener otro impacto desconocido."
}
],
"id": "CVE-2007-2063",
"lastModified": "2024-11-21T00:29:48.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-18T03:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/34998"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24916"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017913"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35014"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23508"
},
{
"source": "cve@mitre.org",
"url": "http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1414"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/34998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33699"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-27893
Vulnerability from cvelistv5
Published
2021-03-15 14:05
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://info.ssh.com/tectia-vulnerability-cve-2021-27893 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-15T14:18:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://info.ssh.com/tectia-vulnerability-cve-2021-27893",
"refsource": "MISC",
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27893",
"datePublished": "2021-03-15T14:05:44",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-08-03T21:33:16.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2063
Vulnerability from cvelistv5
Published
2007-04-18 02:20
Modified
2024-08-07 13:23
Severity ?
EPSS score ?
Summary
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2007/1414 | vdb-entry, x_refsource_VUPEN | |
| http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt | x_refsource_CONFIRM | |
| http://www.osvdb.org/35014 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/34998 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/24916 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/23508 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33699 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1017913 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:49.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1414",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt"
},
{
"name": "35014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35014"
},
{
"name": "34998",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34998"
},
{
"name": "24916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24916"
},
{
"name": "23508",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23508"
},
{
"name": "ssh-tectia-pid-hfs-privilege-escalation(33699)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33699"
},
{
"name": "1017913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1414",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt"
},
{
"name": "35014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35014"
},
{
"name": "34998",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34998"
},
{
"name": "24916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24916"
},
{
"name": "23508",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23508"
},
{
"name": "ssh-tectia-pid-hfs-privilege-escalation(33699)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33699"
},
{
"name": "1017913",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1414",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1414"
},
{
"name": "http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt"
},
{
"name": "35014",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35014"
},
{
"name": "34998",
"refsource": "OSVDB",
"url": "http://osvdb.org/34998"
},
{
"name": "24916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24916"
},
{
"name": "23508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23508"
},
{
"name": "ssh-tectia-pid-hfs-privilege-escalation(33699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33699"
},
{
"name": "1017913",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2063",
"datePublished": "2007-04-18T02:20:00",
"dateReserved": "2007-04-17T00:00:00",
"dateUpdated": "2024-08-07T13:23:49.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5616
Vulnerability from cvelistv5
Published
2008-01-09 21:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/27191 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2008/0078 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1019167 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/28247 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/921339 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39569 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/WDON-7AMRRF | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27191"
},
{
"name": "ADV-2008-0078",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0078"
},
{
"name": "1019167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019167"
},
{
"name": "28247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28247"
},
{
"name": "VU#921339",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/921339"
},
{
"name": "ssh-tectia-sshsigner-privilege-escalation(39569)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39569"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/WDON-7AMRRF"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "27191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27191"
},
{
"name": "ADV-2008-0078",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0078"
},
{
"name": "1019167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019167"
},
{
"name": "28247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28247"
},
{
"name": "VU#921339",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/921339"
},
{
"name": "ssh-tectia-sshsigner-privilege-escalation(39569)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39569"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/WDON-7AMRRF"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-5616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27191"
},
{
"name": "ADV-2008-0078",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0078"
},
{
"name": "1019167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019167"
},
{
"name": "28247",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28247"
},
{
"name": "VU#921339",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/921339"
},
{
"name": "ssh-tectia-sshsigner-privilege-escalation(39569)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39569"
},
{
"name": "http://www.kb.cert.org/vuls/id/WDON-7AMRRF",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/WDON-7AMRRF"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-5616",
"datePublished": "2008-01-09T21:00:00",
"dateReserved": "2007-10-21T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5161
Vulnerability from cvelistv5
Published
2008-11-19 17:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openssh.org/txt/cbc.adv"
},
{
"name": "247186",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"name": "32319",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32319"
},
{
"name": "33121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"name": "49872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49872"
},
{
"name": "33308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33308"
},
{
"name": "RHSA-2009:1287",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"name": "1021382",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021382"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"name": "50036",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50036"
},
{
"name": "32833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32833"
},
{
"name": "36558",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36558"
},
{
"name": "50035",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50035"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/company/news/article/953/"
},
{
"name": "1021235",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021235"
},
{
"name": "34857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34857"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"name": "ADV-2008-3173",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"name": "20081123 Revised: OpenSSH security advisory: cbc.adv",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"name": "openssh-sshtectia-cbc-info-disclosure(46620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"name": "32740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32740"
},
{
"name": "ADV-2009-1135",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"name": "32760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32760"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "1021236",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"name": "HPSBMA02447",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "SSRT090062",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"name": "ADV-2008-3409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"name": "ADV-2008-3172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"name": "oval:org.mitre.oval:def:11279",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
},
{
"name": "20081121 OpenSSH security advisory: cbc.adv",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "VU#958563",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/958563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openssh.org/txt/cbc.adv"
},
{
"name": "247186",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"name": "32319",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32319"
},
{
"name": "33121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"name": "49872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49872"
},
{
"name": "33308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33308"
},
{
"name": "RHSA-2009:1287",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"name": "1021382",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021382"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"name": "50036",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50036"
},
{
"name": "32833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32833"
},
{
"name": "36558",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36558"
},
{
"name": "50035",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50035"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/company/news/article/953/"
},
{
"name": "1021235",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021235"
},
{
"name": "34857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34857"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"name": "ADV-2008-3173",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"name": "20081123 Revised: OpenSSH security advisory: cbc.adv",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"name": "openssh-sshtectia-cbc-info-disclosure(46620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"name": "32740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32740"
},
{
"name": "ADV-2009-1135",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"name": "32760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32760"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "1021236",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"name": "HPSBMA02447",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "SSRT090062",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"name": "ADV-2008-3409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"name": "ADV-2008-3172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"name": "oval:org.mitre.oval:def:11279",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
},
{
"name": "20081121 OpenSSH security advisory: cbc.adv",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "VU#958563",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/958563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openssh.org/txt/cbc.adv",
"refsource": "CONFIRM",
"url": "http://openssh.org/txt/cbc.adv"
},
{
"name": "247186",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"name": "32319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32319"
},
{
"name": "33121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33121"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"name": "49872",
"refsource": "OSVDB",
"url": "http://osvdb.org/49872"
},
{
"name": "33308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33308"
},
{
"name": "RHSA-2009:1287",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"name": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt",
"refsource": "MISC",
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"name": "1021382",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021382"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"name": "50036",
"refsource": "OSVDB",
"url": "http://osvdb.org/50036"
},
{
"name": "32833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32833"
},
{
"name": "36558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36558"
},
{
"name": "50035",
"refsource": "OSVDB",
"url": "http://osvdb.org/50035"
},
{
"name": "http://www.ssh.com/company/news/article/953/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/news/article/953/"
},
{
"name": "1021235",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021235"
},
{
"name": "34857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34857"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm",
"refsource": "MISC",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"name": "http://support.attachmate.com/techdocs/2398.html",
"refsource": "CONFIRM",
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html",
"refsource": "CONFIRM",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"name": "ADV-2008-3173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"name": "20081123 Revised: OpenSSH security advisory: cbc.adv",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"name": "openssh-sshtectia-cbc-info-disclosure(46620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"name": "32740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32740"
},
{
"name": "ADV-2009-1135",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"name": "32760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32760"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "1021236",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021236"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"name": "HPSBMA02447",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"name": "http://isc.sans.org/diary.html?storyid=5366",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "SSRT090062",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"name": "ADV-2008-3409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"name": "ADV-2008-3172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"name": "oval:org.mitre.oval:def:11279",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
},
{
"name": "20081121 OpenSSH security advisory: cbc.adv",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "VU#958563",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/958563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5161",
"datePublished": "2008-11-19T17:00:00",
"dateReserved": "2008-11-19T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27891
Vulnerability from cvelistv5
Published
2021-03-15 14:07
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://info.ssh.com/tectia-vulnerability-cve-2021-27891 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-15T14:16:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://info.ssh.com/tectia-vulnerability-cve-2021-27891",
"refsource": "MISC",
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27891",
"datePublished": "2021-03-15T14:07:27",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4315
Vulnerability from cvelistv5
Published
2006-08-23 22:00
Modified
2024-08-07 19:06
Severity ?
EPSS score ?
Summary
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/19679 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1016743 | vdb-entry, x_refsource_SECTRACK | |
| http://www.ssh.com/company/news/2006/english/security/article/775/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28566 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19679",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19679"
},
{
"name": "1016743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016743"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"name": "ssh-tectia-pathname-privilege-escalation(28566)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under \"Program Files\" or its subdirectories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19679",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19679"
},
{
"name": "1016743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016743"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"name": "ssh-tectia-pathname-privilege-escalation(28566)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under \"Program Files\" or its subdirectories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19679"
},
{
"name": "1016743",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016743"
},
{
"name": "http://www.ssh.com/company/news/2006/english/security/article/775/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"name": "ssh-tectia-pathname-privilege-escalation(28566)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4315",
"datePublished": "2006-08-23T22:00:00",
"dateReserved": "2006-08-23T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1120
Vulnerability from cvelistv5
Published
2005-03-12 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/displayvuln.php?osvdb_id=4491 | vdb-entry, x_refsource_OSVDB | |
| http://www.ssh.com/company/newsroom/article/520/ | x_refsource_CONFIRM | |
| http://securitytracker.com/alerts/2004/Mar/1009532.html | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15585 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/9956 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/11193 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/814198 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:36.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4491"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/company/newsroom/article/520/"
},
{
"name": "1009532",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2004/Mar/1009532.html"
},
{
"name": "sshtectiaserver-passwdplugin-race-condition(15585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15585"
},
{
"name": "9956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9956"
},
{
"name": "11193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11193"
},
{
"name": "VU#814198",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/814198"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server\u0027s private key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4491"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/company/newsroom/article/520/"
},
{
"name": "1009532",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2004/Mar/1009532.html"
},
{
"name": "sshtectiaserver-passwdplugin-race-condition(15585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15585"
},
{
"name": "9956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9956"
},
{
"name": "11193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11193"
},
{
"name": "VU#814198",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/814198"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server\u0027s private key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4491",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4491"
},
{
"name": "http://www.ssh.com/company/newsroom/article/520/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/newsroom/article/520/"
},
{
"name": "1009532",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2004/Mar/1009532.html"
},
{
"name": "sshtectiaserver-passwdplugin-race-condition(15585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15585"
},
{
"name": "9956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9956"
},
{
"name": "11193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11193"
},
{
"name": "VU#814198",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/814198"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1120",
"datePublished": "2005-03-12T05:00:00",
"dateReserved": "2005-03-11T00:00:00",
"dateUpdated": "2024-08-08T02:12:36.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5484
Vulnerability from cvelistv5
Published
2006-10-24 22:00
Modified
2024-08-07 19:55
Severity ?
EPSS score ?
Summary
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1017060 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/22350 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/4032 | vdb-entry, x_refsource_VUPEN | |
| http://www.ssh.com/company/news/2006/english/security/article/786/ | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/845620 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1017061 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:52.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017060"
},
{
"name": "22350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22350"
},
{
"name": "ADV-2006-4032",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4032"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
},
{
"name": "VU#845620",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/845620"
},
{
"name": "1017061",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017060"
},
{
"name": "22350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22350"
},
{
"name": "ADV-2006-4032",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4032"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
},
{
"name": "VU#845620",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/845620"
},
{
"name": "1017061",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017060",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017060"
},
{
"name": "22350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22350"
},
{
"name": "ADV-2006-4032",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4032"
},
{
"name": "http://www.ssh.com/company/news/2006/english/security/article/786/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/news/2006/english/security/article/786/"
},
{
"name": "VU#845620",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/845620"
},
{
"name": "1017061",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5484",
"datePublished": "2006-10-24T22:00:00",
"dateReserved": "2006-10-24T00:00:00",
"dateUpdated": "2024-08-07T19:55:52.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4310
Vulnerability from cvelistv5
Published
2005-12-17 00:00
Modified
2024-08-07 23:38
Severity ?
EPSS score ?
Summary
SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/18001 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ssh.com/company/newsroom/article/694/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/15903 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2005/2929 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1015368 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/company/newsroom/article/694/"
},
{
"name": "15903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15903"
},
{
"name": "ADV-2005-2929",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2929"
},
{
"name": "1015368",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/company/newsroom/article/694/"
},
{
"name": "15903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15903"
},
{
"name": "ADV-2005-2929",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2929"
},
{
"name": "1015368",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18001"
},
{
"name": "http://www.ssh.com/company/newsroom/article/694/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/newsroom/article/694/"
},
{
"name": "15903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15903"
},
{
"name": "ADV-2005-2929",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2929"
},
{
"name": "1015368",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4310",
"datePublished": "2005-12-17T00:00:00",
"dateReserved": "2005-12-16T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5975
Vulnerability from cvelistv5
Published
2012-12-04 23:00
Modified
2024-09-17 02:37
Severity ?
EPSS score ?
Summary
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/23082/ | exploit, x_refsource_EXPLOIT-DB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html | mailing-list, x_refsource_FULLDISC | |
| http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html | mailing-list, x_refsource_FULLDISC | |
| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/23082/"
},
{
"name": "20121203 Re: SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit (king cope)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html"
},
{
"name": "20121201 SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-04T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/23082/"
},
{
"name": "20121203 Re: SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit (king cope)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html"
},
{
"name": "20121201 SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23082",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/23082/"
},
{
"name": "20121203 Re: SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit (king cope)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html"
},
{
"name": "20121201 SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html"
},
{
"name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5975",
"datePublished": "2012-12-04T23:00:00Z",
"dateReserved": "2012-11-21T00:00:00Z",
"dateUpdated": "2024-09-17T02:37:22.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27892
Vulnerability from cvelistv5
Published
2021-03-15 14:08
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://info.ssh.com/tectia-vulnerability-cve-2021-27892 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-15T14:14:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://info.ssh.com/tectia-vulnerability-cve-2021-27892",
"refsource": "MISC",
"url": "https://info.ssh.com/tectia-vulnerability-cve-2021-27892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27892",
"datePublished": "2021-03-15T14:08:53",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-08-03T21:33:16.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2146
Vulnerability from cvelistv5
Published
2005-07-05 04:00
Modified
2024-08-07 22:15
Severity ?
EPSS score ?
Summary
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/15894 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ssh.com/company/newsroom/article/653/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ssh.com/company/newsroom/article/653/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:40:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ssh.com/company/newsroom/article/653/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15894"
},
{
"name": "http://www.ssh.com/company/newsroom/article/653/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/newsroom/article/653/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2146",
"datePublished": "2005-07-05T04:00:00",
"dateReserved": "2005-07-06T00:00:00",
"dateUpdated": "2024-08-07T22:15:37.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}