|
OpenSSH IP address restriction bypass
|
|
Secunia Advisory:
|
SA8974
|
|
|
Release Date:
|
2003-06-09
|
|
Last Update:
|
2003-10-29
|
|
Popularity:
|
15,324 views
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | OpenSSH 3.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
A vulnerability has been identified in OpenSSH allowing users to access the system from IPs that they where not supposed to.
OpenSSH allows system administrators to limit access to the service based on hostnames or IP addresses. This may be configured so that specific users may only connect from certain IP addresses or hostnames.
The problem is that OpenSSH doesn't know when the restriction applies to a hostname or an IP. This allows users who controls the reverse DNS answer for their IP address to change their hostname so that it matches an IP address.
This affects versions 3.6.1 and earlier.
NOTE: This does not allow users to connect and authenticate with the service unless they have obtained a valid key or username / password.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
