CVE-2005-2797 | Vulnerability Database | Aqua Security

OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding (-D option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.

Affected Software

Name	Vendor	Start Version	End Version
Openssh	Openbsd	4.0 (including)	4.0 (including)
Openssh	Ubuntu	dapper	*
Openssh	Ubuntu	devel	*
Openssh	Ubuntu	edgy	*
Openssh	Ubuntu	feisty	*

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt
http://marc.info/?l=bugtraq\u0026m=112605977304049\u0026w=2
http://secunia.com/advisories/16686
http://secunia.com/advisories/18010
http://secunia.com/advisories/18661
http://secunia.com/advisories/19243
http://securitytracker.com/id?1014845
http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
http://www.osvdb.org/19142
http://www.securityfocus.com/bid/14727
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt
http://marc.info/?l=bugtraq\u0026m=112605977304049\u0026w=2
http://secunia.com/advisories/16686
http://secunia.com/advisories/18010
http://secunia.com/advisories/18661
http://secunia.com/advisories/19243
http://securitytracker.com/id?1014845
http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
http://www.osvdb.org/19142
http://www.securityfocus.com/bid/14727

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2797
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html