DEBIAN-CVE-2003-0386

DEBIAN-CVE-2003-0386 PUBLISHED

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.

Affected Products

Vendor	Product	Versions
Debian:14	openssh	0, 0, 0
Debian:11	openssh	0, 0, 0
Debian:13	openssh	0, 0, 0
Debian:12	openssh	0, 0, 0

Timeline

Jul 2, 2003 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2003-0386 advisory

Open in Interactive Console →