Vulnerabilities > Openbsd > Openssh > 2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2001-12-21 | CVE-2001-0872 | OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. | 7.2 |
2001-12-06 | CVE-2001-0816 | Unspecified vulnerability in Openbsd Openssh OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. | 7.5 |
2001-10-18 | CVE-2001-1380 | Unspecified vulnerability in Openbsd Openssh OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses. | 7.5 |
2001-09-27 | CVE-2001-1382 | Remote Security vulnerability in OpenSSH The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used. | 5.0 |
2001-08-14 | CVE-2001-0529 | Symbolic Link vulnerability in OpenSSH Client X11 Forwarding Cookie Removal File OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. | 7.2 |
2001-06-27 | CVE-2001-0361 | Cryptographic Issues vulnerability in multiple products Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. | 4.0 |
2001-06-19 | CVE-2001-1459 | Unspecified vulnerability in Openbsd Openssh OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. | 7.5 |
2001-03-12 | CVE-2001-0144 | CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. | 10.0 |
2000-06-08 | CVE-2000-0525 | Unspecified vulnerability in Openbsd Openssh 1.2/1.2.3/2.1 OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon. | 10.0 |