OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass from= and user@host address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssh | Openbsd | 3.6.1 (including) | 3.6.1 (including) |
Red Hat Enterprise Linux 2.1 | RedHat | openssh-0:3.1p1-21 | * |
Red Hat Enterprise Linux 3 | RedHat | openssh-0:3.6.1p2-33.30.9 | * |