• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability

A vulnerability has been reported for OpenSSH that may allow unauthorized access to an OpenSSH server's login mechanism.

The vulnerability occurs because of the way OpenSSH restricts access. It's possible to configure OpenSSH to restrict access based on certain patterns. When a numeric IP address is provided as the host that is attempting a connection, an attacker can trick the OpenSSH server to allow access.