Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2003-0386
Last Modified 21 Aug 2010 12:15:57
Published 02 Jul 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0386

Summary

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.

Vulnerable Systems

Application

  • OpenBSD OpenSSH 3.6.1


References

CERT-VN - VU#978316

BUGTRAQ - 20030605 OpenSSH remote clent address restriction circumvention

CONFIRM - http://lists.apple.com/mhonarc/security-announce/msg00038.html

CONFIRM - http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

CONFIRM - http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

BID - 7831

REDHAT - RHSA-2006:0698

REDHAT - RHSA-2006:0298

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm

SECUNIA - 23680

SECUNIA - 22196

SECUNIA - 21724

SECUNIA - 21262

SECUNIA - 21129

SGI - 20060703-01-P


Last Updated: 27 May 2016 10:37:53