Exploit the possiblities
Showing 1 - 3 of 3 RSS Feed


Posted Feb 9, 2001
Site openbsd.org

OpenBSD Security Advisory - OpenSSH-2.3.1, a development snapshot, only checked if a public key for public key authentication was permitted. In the protocol 2 part of the server, the challenge-response step that ensures that the connecting client is in possession of the corresponding private key has been omitted. As a result, anyone who could obtain the public key listed in the users authorized_keys file could log in as that user without authentication. This vulnerability affects only OpenSSH version 2.3.1 with support for protocol 2 enabled. The latest official release OpenSSH 2.3.0 is not affected by this problem. The latest snapshot version OpenSSH 2.3.2 is not affected either. Fix available here.

tags | protocol
systems | openbsd
MD5 | c422c2fc44914010f50ba2949acd9aa0
Posted Dec 22, 2000
Site openbsd.org

OpenBSD Security Advisory - A one byte buffer overflow bug in ftpd(8) allows remote attackers to execute arbitrary code as root provided they can create a directory.

tags | remote, overflow, arbitrary, root
systems | openbsd
MD5 | 4bb7c68699cbdd163e660389ee09524c
Posted Oct 4, 2000
Site openbsd.org

OpenBSD Advisories - There is a format string vulnerability present in the pw_error() function of OpenBSD 2.7's libutil library can yield localhost users root access through the setuid /usr/bin/chpass utility. Affected versions: OpenBSD versions through 2.7. FreeBSD 4.0 is vulnerable, but patches have been backported, and FreeBSD versions 4.1 and 4.1.1 are safe.

tags | root
systems | freebsd, openbsd
MD5 | e055d87087c56b543a33113a0b54b63d
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By