OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass from= and user@host address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssh | Openbsd | 3.6.1 (including) | 3.6.1 (including) |