SSH (Secure Shell) is a program to log into another computer over a network, to execute commands on a remote machine, and to move files from one machine to another, providing strong authentication and secure communications over insecure channels.
449d88890616bf676cfd4765d574bcc00c229de6f95d705ca527a86b5ca61eb9
Secunia Security Advisory - Debian has issued an update for rssh. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
eebd89c421afe76c8ec364ab92b3326b1565c0fe049041b41a8d004476cd613d
Debian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.
0d9bc3525aeb950d987b4c43ac3fdffeb95324914c2925e4c0a684a30e340450
This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as an example: C:\program files\hello.exe. The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalating privileges if run as SYSTEM. Some software, such as OpenVPN 2.1.1 or OpenSSH Server 5, has the same problem.
13ee2928c651d3a5639e180e5f2cafa4d077977aeeeb2da9a34de919ec969a8e
The RaspberryPi Occidentalis version 0.1 image spawns sshd by default without prompting users to change their credentials, leaving their systems accessible via root/root default credentials.
656c7ec055e2f82105589240af2b020366360c6deae390094ae0d32f88f6c389
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
bfb10445f74a3bad526d0bc5d4bdd023e4c36c32ecbaf3e20091f91bbf16c5c1
metaSSH is a session plugin for Metasploit that gives you a meterpreter-like interface over an SSH connection. The author originally wrote this code so they could cleanly reverse pivot over SSH from within Metasploit. Features include multi-channel, pivoting, post-exploitation module use, and more.
cb2904017bd8381379f534d13af9da18283b5ba0d4dca0d7ece74f329056ef4e
PHP Secure Communications Library is a set of pure PHP implementations of DES, 3DES, RC4, Rijndael, AES, RSA (PKCS#1 compliant [v2.1]), SSH-1, SSH-2, and SFTP.
1812a13d1cffed13f1b95a5ea54b983f1e16f8badf97b6fdc1d93d6b35816298
This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, logs usernames and passwords both in and out, and more.
91e6a90b3c87b8f7d0724216a9917a20867daf81819abb0ea42429d1ebd62e36
This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.
50a054b3adfc63057235aeb9695006fc8e638c278b6eaaa6e062c18e1d54adf0
Red Hat Security Advisory 2012-0884-04 - OpenSSH is OpenBSD's Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default.
e31bda135d5a72d2a5a61f68bee6743afdd8a216bc8763bc44be729efbdf901e
This program uses multithreading to scan a range of IP addresses (IPv4) to find telnet/ssh and web servers. It then brute forces credentials against the host and upon success, will detect the type of host and execute commands.
387243e74e389e70607dc921917a7ce98e0479096f1955bb53e8173123c4e264
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER, SECSH-DHGEX, SECSH-NUMBERS, and SECSH-PUBLICKEY.
418c09061fb9c3c26fec391a35a062780b21b3199885e3b27054619582469bd3
Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh.
e569ddc10821d9e494884093dab704f6cca8c684a13ead70079866b8250e251e
Ransack is a post-exploitation shell script for penetration testers. Its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, SSH keys, SSL keys, or any other information deemed valuable.
aa3c9a1ec450a0d4938e11d530ee62851d77207f5fd3de404050516ca2d51b5a
Debian Linux Security Advisory 2456-1 - Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users who have been authenticated through public key authentication and for whom command restrictions are in place.
74e30aac727f551c38ff58b3cc7ff8cd5d28075b68721fe8d01264232d3782b2
Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
69dfd771334c9008e86b1f53b96091fcd37892da4c55275494bc282c59b6d36a
lshell lets you restrict a user's shell environment to limited sets of commands, choose to enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restrictions, and more.
722aef41b53db2df3a5846004d0fc7f7782457a51f15e043cc0000d6f9268148
lshell lets you restrict a user's shell environment to limited sets of commands, choose to enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restrictions, and more.
e0c15e05fe5c02cd057f800604bc09cdea79a4698550660db5ecfb15234fac0e
This Metasploit module exploits a vulnerability found in Sysax's SSH service. By supplying a long username, the SSH server will copy that data onto the stack without any proper bounds checking, therefore allowing remote code execution under the context of the user. Please note that previous versions (before 5.53) are also affected by this bug.
4c79bc67dd01aa9c6f086a33e5e924a0b8feec60ac0ce68bacb83a81e643b256
Sysax Multi Server versions 5.53 and below SSH username buffer overflow pre-authentication remote code execution exploit with egghunter shellcode that binds a shell to port 4444.
1a9e244ba23211e8a0745f4370e9f10d0e94ad75ca261b64e8e40b6e0606839f
Secunia Security Advisory - Danny Fullerton has reported a vulnerability in Dropbear SSH Server, which can be exploited by malicious users to gain escalated privileges.
475e24c29964075692e761a8861ce2274f22eb05fcee72a09cefce860554a545
The Dropbear SSH server suffers from a use-after-free vulnerability that allows for arbitrary code execution.
64265ec1c523533339855204fdc6f2a60efec7010b11b476bb2709c5aaf7b16e
Red Hat Security Advisory 2012-0311-03 - The ibutils packages provide InfiniBand network and path diagnostics. It was found that the ibmssh executable had an insecure relative RPATH set in the ELF header. A local user able to convince another user to run ibmssh in an attacker-controlled directory could run arbitrary code with the privileges of the victim. Under certain circumstances, the "ibdiagnet -r" command could suffer from memory corruption and terminate with a "double free or corruption" message and a backtrace. With this update, the correct memory management function is used to prevent the corruption.
60c143ecd4d6ffe4192aff95ab81bf9c5c724a5949e3b50a7b74e11616e76fc3
Red Hat Security Advisory 2012-0152-03 - The kexec-tools package contains the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. Kdump used the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets, causing the target kdump server's SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps.
1c41a7b78dddff29fbca19fb727c662674083476186d59c3f5ef78f52bcbd3ec
This is a patch for OpenSSH version 5.9p1 that adds a magic root password backdoor, logs usernames and passwords and keeps connections from being logged in wtmp, utmp, etc.
294b74ffd207124239b3013f71cccdcb5dc76d5678ea55de7a9c059b9d674d5f