National Cyber-Alert System
Vulnerability Summary: CVE-2005-2797
Orirignal release date: 2005-09-06
Source: US-CERT/NIST

Overview

    OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.

Impact

    CVSS Severity: 3.3 (Low)
    Range: remote
    Authentication: config
    Impact Type: int

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    OpenSSH (OpenBSD)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2797