Search for vulnerabilities
Vulnerability details: VCID-p3wg-kxa7-aaaa
Vulnerability ID VCID-p3wg-kxa7-aaaa
Aliases CVE-2003-0386
Summary OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Low https://access.redhat.com/errata/RHSA-2006:0298
rhas Important https://access.redhat.com/errata/RHSA-2006:0698
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.01124 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.09637 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.14054 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.15063 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.15063 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
epss 0.15063 https://api.first.org/data/v1/epss?cve=CVE-2003-0386
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1617024
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2003-0386
Reference id Reference type URL
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
http://lists.apple.com/mhonarc/security-announce/msg00038.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0386.json
https://api.first.org/data/v1/epss?cve=CVE-2003-0386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0386
http://secunia.com/advisories/21129
http://secunia.com/advisories/21262
http://secunia.com/advisories/21724
http://secunia.com/advisories/22196
http://secunia.com/advisories/23680
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9894
http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
http://www.kb.cert.org/vuls/id/978316
http://www.redhat.com/support/errata/RHSA-2006-0298.html
http://www.redhat.com/support/errata/RHSA-2006-0698.html
http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0
http://www.securityfocus.com/bid/7831
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
1617024 https://bugzilla.redhat.com/show_bug.cgi?id=1617024
cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
CVE-2003-0386 https://nvd.nist.gov/vuln/detail/CVE-2003-0386
RHSA-2006:0298 https://access.redhat.com/errata/RHSA-2006:0298
RHSA-2006:0698 https://access.redhat.com/errata/RHSA-2006:0698
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2003-0386
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.85063
EPSS Score 0.01124
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.