JVN Info.

Id
26720  
Name
JVNDB-2012-002427  
Title
Windows 上で稼働する Apple QuickTime におけるスタックベースのバッファオーバーフローの脆弱性  
Summary
Windows 上で稼働する Apple QuickTime には、スタックベースのバッファオーバーフローの脆弱性が存在します。  
Nvdinfo
CVE-2012-0265  
Cvssv2
9.3  
Jvnurl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002427.html  
Published Date
2012-05-16  
Registered Date
2012-05-17  
Last Updated Date
2012-05-17  

Actions

Related Nessuslogs

Id Log ID Jvninfo Id Plugin ID CVE CVSS Risk Host Protocol Port Name Synopsis Description Solution See Also Plugin Output Actions
55984 H28_DWEB_NW_Scan_Q1_172_16_20_Seg_20160518_w9z1nf.csv 26720 86122 CVE-2015-5600 8.5 High 172.16.20.226 tcp 22 OpenSSH MaxAuthTries Bypass The SSH server running on the remote host is affected by a security bypass vulnerability that allows password brute-force attacks. The remote SSH server is affected by a security bypass vulnerability due to a flaw in the keyboard-interactive authentication mechanisms. The kbdint_next_device() function in auth2-chall.c improperly restricts the processing of keyboard-interactive devices within a single connection. A remote attacker can exploit this, via a crafted keyboard-interactive "devices" string, to bypass the normal restriction of 6 login attempts (MaxAuthTries), resulting in the ability to conduct a brute-force attack or cause a denial of service condition. Upgrade to OpenSSH 7.0 or later. Alternatively, this vulnerability can be mitigated on some Linux distributions by disabling the keyboard-interactive authentication method. This can be done on Red Hat Linux by setting "ChallengeResponseAuthentication" to "no" in the /etc/ssh/sshd_config configuration file and restarting the sshd service. http://www.openssh.com/txt/release-7.0
56249 H28_DWEB_NW_Scan_Q1_172_16_212_Seg_20160518_24dedy.csv 26720 86122 CVE-2015-5600 8.5 High 172.16.212.220 tcp 22 OpenSSH MaxAuthTries Bypass The SSH server running on the remote host is affected by a security bypass vulnerability that allows password brute-force attacks. The remote SSH server is affected by a security bypass vulnerability due to a flaw in the keyboard-interactive authentication mechanisms. The kbdint_next_device() function in auth2-chall.c improperly restricts the processing of keyboard-interactive devices within a single connection. A remote attacker can exploit this, via a crafted keyboard-interactive "devices" string, to bypass the normal restriction of 6 login attempts (MaxAuthTries), resulting in the ability to conduct a brute-force attack or cause a denial of service condition. Upgrade to OpenSSH 7.0 or later. Alternatively, this vulnerability can be mitigated on some Linux distributions by disabling the keyboard-interactive authentication method. This can be done on Red Hat Linux by setting "ChallengeResponseAuthentication" to "no" in the /etc/ssh/sshd_config configuration file and restarting the sshd service. http://www.openssh.com/txt/release-7.0
57698 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 26720 86122 CVE-2015-5600 8.5 High 172.16.240.150 tcp 22 OpenSSH MaxAuthTries Bypass The SSH server running on the remote host is affected by a security bypass vulnerability that allows password brute-force attacks. The remote SSH server is affected by a security bypass vulnerability due to a flaw in the keyboard-interactive authentication mechanisms. The kbdint_next_device() function in auth2-chall.c improperly restricts the processing of keyboard-interactive devices within a single connection. A remote attacker can exploit this, via a crafted keyboard-interactive "devices" string, to bypass the normal restriction of 6 login attempts (MaxAuthTries), resulting in the ability to conduct a brute-force attack or cause a denial of service condition. Upgrade to OpenSSH 7.0 or later. Alternatively, this vulnerability can be mitigated on some Linux distributions by disabling the keyboard-interactive authentication method. This can be done on Red Hat Linux by setting "ChallengeResponseAuthentication" to "no" in the /etc/ssh/sshd_config configuration file and restarting the sshd service. http://www.openssh.com/txt/release-7.0
58059 H28_DWeb_NWScan_Q1_172_16_242_Seg.csv 26720 86122 CVE-2015-5600 8.5 High 172.16.242.254 tcp 22 OpenSSH MaxAuthTries Bypass The SSH server running on the remote host is affected by a security bypass vulnerability that allows password brute-force attacks. The remote SSH server is affected by a security bypass vulnerability due to a flaw in the keyboard-interactive authentication mechanisms. The kbdint_next_device() function in auth2-chall.c improperly restricts the processing of keyboard-interactive devices within a single connection. A remote attacker can exploit this, via a crafted keyboard-interactive "devices" string, to bypass the normal restriction of 6 login attempts (MaxAuthTries), resulting in the ability to conduct a brute-force attack or cause a denial of service condition. Upgrade to OpenSSH 7.0 or later. Alternatively, this vulnerability can be mitigated on some Linux distributions by disabling the keyboard-interactive authentication method. This can be done on Red Hat Linux by setting "ChallengeResponseAuthentication" to "no" in the /etc/ssh/sshd_config configuration file and restarting the sshd service. http://www.openssh.com/txt/release-7.0