what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

OpenSSH 7.2 Denial Of Service
Posted Dec 8, 2016
Authored by Kashinath T | Site secpod.com

OpenSSH versions 7.2 and below crypt CPU consumption denial of service exploit.

tags | exploit, denial of service
advisories | CVE-2016-6515
SHA-256 | 85813c4a45e54ff563c3ade3e42af0997614ba11790f829f24352c73b552928d

Related Files

Windows Service Trusted Path Privilege Escalation
Posted Aug 15, 2012
Authored by sinn3r | Site metasploit.com

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some softwares such as OpenVPN 2.1.1, or OpenSSH Server 5, etc... all have the same problem.

tags | exploit
systems | windows
SHA-256 | 13ee2928c651d3a5639e180e5f2cafa4d077977aeeeb2da9a34de919ec969a8e
OpenSSH 6.0p1 Full Backdoor Patch
Posted Jun 28, 2012
Authored by Bob | Site dtors.net

This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, usernames and passwords both in and out are logged, and more.

tags | patch
systems | unix
SHA-256 | 91e6a90b3c87b8f7d0724216a9917a20867daf81819abb0ea42429d1ebd62e36
OpenSSH 6.0p1 Magic Password Patch
Posted Jun 28, 2012
Authored by Bob | Site dtors.net

This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.

tags | patch
systems | unix
SHA-256 | 50a054b3adfc63057235aeb9695006fc8e638c278b6eaaa6e062c18e1d54adf0
Red Hat Security Advisory 2012-0884-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0884-04 - OpenSSH is OpenBSD's Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default.

tags | advisory, remote, denial of service, shell, protocol
systems | linux, redhat, openbsd
advisories | CVE-2011-5000
SHA-256 | e31bda135d5a72d2a5a61f68bee6743afdd8a216bc8763bc44be729efbdf901e
OpenSSH 5.9p1 Backdoor
Posted Feb 11, 2012
Authored by IPSECS

This is a patch for OpenSSH version 5.9p1 that adds a magic root password backdoor, logs usernames and passwords and keeps connections from being logged in wtmp, utmp, etc.

tags | root, encryption
systems | unix
SHA-256 | 294b74ffd207124239b3013f71cccdcb5dc76d5678ea55de7a9c059b9d674d5f
Fake sshd Tool
Posted Jan 17, 2012
Authored by James Stevenson | Site stev.org

This is a fake sshd which can be used to log common login attempts which are typically used by scammers / spammers / script kiddies to attempt to gain access to servers. It does not modify OpenSSH and uses libssh instead. There is no valid way to login to a shell, can be used to tarpit / delay attackers and can be used to steal the entries used in a dictionary attack.

tags | tool, shell, encryption
SHA-256 | 2cae65ecac170b8d18902634e1d32ed99b5ad3fc094c4e1979ffdde16083f3ed
Hacking iOS Devices
Posted Dec 7, 2011
Authored by Japson

Whitepaper called Hacking Dispositivos iOS. It demonstrates how dangerous it is to be connected to a wireless network with an iOS device that has OpenSSH enabled. Written in Spanish.

tags | paper
systems | apple, iphone
SHA-256 | 69fe6147bbfce7aa1f1fda7be05564726198e6a7762c9a4c617c46545fd0da39
OpenSSH 5.5p1 Backdoor
Posted Nov 13, 2011
Authored by IPSECS

This is a patch for OpenSSH version 5.5p1 that adds a magic root password backdoor that also keylogs.

tags | root, encryption
systems | unix
SHA-256 | 50ff0a3df7ee2c889a5de709bbb818e0bf676dc9ddc771cfd7342912ac48de7d
OpenSSH 5.9p1
Posted Sep 6, 2011
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This release added experimental sandboxing of network-facing code during the pre-authentication phase and SHA2-based HMAC modes for the SSH transport. sshd now sends logs from the privilege-separated process via a pipe, eliminating the need for /var/empty/dev/log. There were many more bugfixes and changes.
tags | encryption
systems | linux, unix, openbsd
SHA-256 | 6497ed9245fd883ef37cc984504ec91b1b780335510e1b353bedc9a0d6466a63
OpenSSH Resource Exhaustion Via GSSAPI
Posted Aug 2, 2011
Authored by Adam Zabrocki

OpenSSH with gssapi-with-mic support suffers from a resource exhaustion vulnerability. It is possible to provide any value to the xmalloc() function, which is a simple wrapper to the malloc() function. This forces an application to allocate a huge amount of the memory (4GB?) and naturally exhausts available resources. Repeating this attack, by simply open many session, can kill the server.

tags | advisory
SHA-256 | 65e738aed80888821cfc7b7291b21f403013fd57e28e24c9a17233bbb9662c26
Red Hat Security Advisory 2011-0920-01
Posted Jul 5, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0920-01 - The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.

tags | advisory, remote, root
systems | linux, redhat
advisories | CVE-2011-1526
SHA-256 | 92eaf7d09061e8d6782fff5fc8afaf3e2839d6649eddf1a4cbabe01663326a44
OpenSSH 3.4p1 FreeBSD Remote Root Exploit
Posted Jul 1, 2011
Authored by Kingcope

OpenSSH version 3.4p1 remote root exploit for FreeBSD.

tags | exploit, remote, root
systems | freebsd
SHA-256 | 784ac2c808aee05f8e7a89a108734acf1284cde95b4a09f41ebde5b82c0728af
OpenSSH 3.5p1 Remote Root Exploit For FreeBSD
Posted Jun 30, 2011
Authored by Kingcope

Remote root exploit for OpenSSH version 3.5p1 on FreeBSD that affects versions 4.9 and 4.11. Other versions may also be affected. The bug appears to reside in auth2-pam-freebsd.c.

tags | exploit, remote, root
systems | freebsd
SHA-256 | b0a72514bab1b654a9acc1539d19dc102efa3d5f89c49d95b1b5b7dae0a88734
OpenSSH 5.8p2
Posted May 4, 2011
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Fixed a local private host key compromise on platforms without host-level randomness support.
tags | encryption
systems | linux, unix, openbsd
SHA-256 | e5a1c821dd8dc33a94c445290956d52e03b3c450f9cd448b96d92317fd4cce42
OpenSSH Security Advisory - Unauthorized Access
Posted May 4, 2011
Authored by Damien Miller | Site openssh.com

OpenSSH Security Advisory - Portable OpenSSH prior to version 5.8p2 only on platforms that are configured to use ssh-rand-helper for entropy collection. ssh-rand-helper is enabled at configure time when it is detected that OpenSSL does not have a built-in source of randomness, and only used at runtime if this condition remains. Platforms that support /dev/random or otherwise configure OpenSSL with a random number provider are not vulnerable. Version 5.8p2 fixes this issue.

tags | advisory
SHA-256 | 486207ec2f9fb1f7152210c018051c0a98ac5a4908b2ab16da056d78f48c5319
Secunia Security Advisory 44347
Posted May 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Portable OpenSSH, which can be exploited by malicious, local users to disclose sensitive information.

tags | advisory, local
SHA-256 | 9fd263953006c426c532796ac42fff0d842cb5442cccfe6614e36f3e3bdbf77e
Secunia Security Advisory 44347
Posted May 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Portable OpenSSH, which can be exploited by malicious, local users to disclose sensitive information.

tags | advisory, local
SHA-256 | 9fd263953006c426c532796ac42fff0d842cb5442cccfe6614e36f3e3bdbf77e
Secunia Security Advisory 43181
Posted Feb 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in OpenSSH, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | b4f52c3aec937c83388697ae7268f4eb14e4d050db67002ad0a8fa00826df3f5
OpenSSH 5.7p1
Posted Jan 24, 2011
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: ECC support for kex exchange and public key authentication, SFTP hard link support, improved QoS/DSCP support, bandwidth limiting for SFTP, and more.
tags | encryption
systems | linux, unix, openbsd
SHA-256 | 59057d727d902d8b04b2ce0ba8f288c6e02cb65aca183cc8d559a4a66426581b
Phreebird DNSSEC Proxy 1.02
Posted Nov 16, 2010
Authored by Dan Kaminsky

Phreebird is a DNSSEC proxy that operates in front of an existing DNS server (such as BIND, Unbound, PowerDNS, Microsoft DNS, or QIP) and supplements its records with DNSSEC responses. Features of Phreebird include automatic key generation, realtime record signing, support for arbitrary responses, zero configuration, NSEC3 "White Lies", caching and rate limiting to deter DoS attacks, and experimental support for both Coarse Time over DNS and HTTP Virtual Channels. The suite also contains a large amount of sample code, including support for federated identity over OpenSSH. Finally, "Phreeload" enhances existing OpenSSL applications with DNSSEC support.

tags | tool, web, arbitrary
systems | unix
SHA-256 | 851f74625841584a432de6c57ae431f0553eb5bb5633b06087be46e51e44f01b
OpenSSH 5.6p1
Posted Aug 27, 2010
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. Hostbased authentication may now use certificate host keys. ssh-keygen(1) now supports signing certificate using a CA key that has been stored in a PKCS#11 token. Various other additions and bug fixes.
tags | encryption
systems | linux, openbsd
SHA-256 | 538af53b2b8162c21a293bb004ae2bdb141abd250f61b4cea55244749f3c6c2b
Go Null Yourself E-Zine Issue 01
Posted Jul 8, 2010
Authored by gny | Site gonullyourself.org

Go Null Yourself E-zine Issue 1 - Topics in this issue include RTLO Spoofing, Alternate Data Streams, Derandomizing Perl's RNG, Trojaning OpenSSH and more.

tags | trojan, perl, spoof, magazine
SHA-256 | da764bb263f3ff2f6073ba91670651cedf533d2c37e234ff11609dae96d20245
Secunia Security Advisory 40234
Posted Jun 28, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged two vulnerabilities in OpenSSH, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information.

tags | advisory, local, vulnerability
SHA-256 | f919041aa6a37c0877046789c55c71d79645400f1c4202693e2d4906bd52dd13
Secunia Security Advisory 39182
Posted Mar 30, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for openssh. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, fedora
SHA-256 | 9a5e2d9b141ea11509061e76cfec1c638879072e16eca63adf95435af7c5d87b
OpenSSH 5.4p1
Posted Mar 8, 2010
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This is a major feature and bugfix release. Major changes include disabling SSH protocol 1 by default, removal of legacy OpenSC/libsectok smartcard support, addition of PKCS#11 support, introduction of a new certificate authentication method for users and hosts, revised session multiplexing code, many improvements to sftp from the Google Summer of Code 2009, and lots of bugfixes.
tags | encryption
systems | linux, openbsd
SHA-256 | ae96e70d04104824ab10f0d7aaef4584ac96b2a870adfcd8b457d836c8c5404e
Page 1 of 4
Back1234Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close