FreeBSD Security Advisory - OpenSSH clients do not correctly verify DNS SSHFP records when a server offers a certificate. OpenSSH servers which are configured to allow password authentication using PAM (the default) would allow many password attempts.
Mandriva Linux Security Advisory 2015-095 - sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Matthew Vernon reported that if an SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence, a malicious server can disable SSHFP checking by presenting a certificate.
Red Hat Security Advisory 2015-0425-02 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions.
HP Security Bulletin HPSBUX03188 SSRT101487 1 - Potential security vulnerabilities have been identified with HP-UX running HP Secure Shell. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
Red Hat Security Advisory 2014-1552-02 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions.
Mandriva Linux Security Advisory 2014-068 - sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Matthew Vernon reported that if an SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence, a malicious server can disable SSHFP checking by presenting a certificate.
Ubuntu Security Notice 2164-1 - Matthew Vernon discovered that OpenSSH did not correctly check SSHFP DNS records if a server presented an unacceptable host certificate. A malicious server could use this issue to disable SSHFP checking.
Debian Linux Security Advisory 2894-1 - Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite.