CVE-2003-0386

Published Jul 2, 2003

Last updated 10 days ago

CVSS info 7.5

Overview

Description
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
Source
cve@mitre.org
NVD status
Modified
Products
openssh

Risk scores

CVSS 2.0

Type
Primary
Base score
7.5
Impact score
6.4
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.CVE-2026-35414
  2. In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.CVE-2025-32728
  3. A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.CVE-2025-26466
  4. A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.CVE-2025-26465
  5. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.CVE-2024-6387

References

Sources include official advisories and independent security research.