CVE-2004-1653
EXPLOITEDOpenSSH < 3.9 - Authenticated Port Bounce via AllowTcpForwarding
Title source: llmExploitation Summary
CVE-2004-1653 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109413637313484&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17213
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1011143
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/9562
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20191107-0001/
Scores
EPSS
0.0039
EPSS Percentile
60.1%
Details
VulnCheck KEV
2016-10-12
Status
published
Products (1)
openbsd/openssh
< 3.9
Published
Aug 31, 2004
Tracked Since
Feb 18, 2026