Mike Harding

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions 3.6.1 and earlier **Description** The issue allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of the vulnerabilities can be carried out remotely. **Recommendations** For OpenSSH versions 3.6.1 and earlier, consider updating to a newer version to mitigate the risk, as no specific fix is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.