OpenSSH 3.6.1 and previous versions, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote malicious users to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbsd openssh 3.6.1 |