Openbsd: >> Openssh >> 2.2 Security Vulnerabilities
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
CVSS Score
5.0
EPSS Score
0.015
Published
2001-09-27
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
CVSS Score
7.2
EPSS Score
0.002
Published
2001-08-14
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
CVSS Score
7.5
EPSS Score
0.004
Published
2001-06-19
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
CVSS Score
10.0
EPSS Score
0.533
Published
2001-03-12
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
CVSS Score
7.5
EPSS Score
0.018
Published
2001-01-09
Page 7