1. CVE-Search
  2. CVE-2005-2797
ID CVE-2005-2797
Summary OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
References
Vulnerable Configurations
  • cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-12-2016 - 03:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 14727
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm
mlist [openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released
openpkg OpenPKG-SA-2005.019
osvdb 19142
sco
  • SCOSA-2005.53
  • SCOSA-2006.11
sectrack 1014845
secunia
  • 16686
  • 18010
  • 18661
  • 19243
statements via4
contributor Tomas Hoger
lastmodified 2009-11-25
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3 or 4.
Last major update 08-12-2016 - 03:00
Published 06-09-2005 - 17:03
Last modified 08-12-2016 - 03:00
Back to Top