Damien Miller

4 exploits Active since Dec 2010
CVE-2010-4252 WRITEUP WORKING POC
OpenSSL < 1.0.0c - Improper Authentication via J-PAKE Parameter Validation Bypass
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
CVE-2010-4478 WRITEUP CRITICAL WORKING POC
OpenSSH < 5.6 - Unauthenticated Authentication Bypass via J-PAKE Protocol
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
CVSS 9.8
CVE-2015-6563 WRITEUP MEDIUM WRITEUP
OpenSSH < 6.9 - Local User Impersonation via MONITOR_REQ_PAM_INIT_CTX
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
CVSS 6.4
CVE-2015-6564 WRITEUP HIGH WRITEUP
OpenSSH < 6.9 - Use-After-Free in PAM Context Handling
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
CVSS 7.0