Test ID: | 1.3.6.1.4.1.25623.1.0.891500 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for openssh (DLA-1500-1) |
Summary: | Several vulnerabilities have been found in OpenSSH, a free implementation of the SSH protocol suite:

CVE-2015-5352
  OpenSSH incorrectly verified time window deadlines for X connections. Remote attackers could take advantage of this flaw to bypass intended access restrictions. Reported by Jann Horn.

CVE-2015-5600
  OpenSSH improperly restricted the processing of keyboard-interactive devices within a single connection, which could allow remote attackers to perform brute-force attacks or cause a denial of service, in a non-default configuration.

CVE-2015-6563
  OpenSSH incorrectly handled usernames during PAM authentication. In conjunction with an additional flaw in the OpenSSH unprivileged child process, remote attackers could make use of this issue to perform user impersonation. Discovered by Moritz Jodeit.

CVE-2015-6564
  Moritz Jodeit discovered a use-after-free flaw in PAM support in OpenSSH, that could be used by remote attackers to bypass authentication or possibly execute arbitrary code.

CVE-2016-1908
  OpenSSH mishandled untrusted X11 forwarding when the X server disables the SECURITY extension. Untrusted connections could obtain trusted X11 forwarding privileges. Reported by Thomas Hoger.

CVE-2016-3115
  OpenSSH improperly handled X11 forwarding data related to authentication credentials. Remote authenticated users could make use of this flaw to bypass intended shell-command restrictions. Identified by github.com/tintinweb.

CVE-2016-6515
  OpenSSH did not limit password lengths for password authentication. Remote attackers could make use of this flaw to cause a denial of service via long strings.

CVE-2016-10009
  Jann Horn discovered an untrusted search path vulnerability in ssh-agent allowing remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

CVE-2016-10011
  Jann Horn discovered that OpenSSH did not properly consider the effects of realloc on buffer contents. This may allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

CVE-2016-10012
  Guido Vranken discovered that the OpenSSH shared memory manager did not ensure that a bounds check was enforced by all compilers, which could allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process.

CVE-2016-10708
  NULL pointer dereference and daemon crash via an out-of-sequence NEWKEYS message.

CVE-2017-15906
  Michal Zalewski reported that OpenSSH improperly prevented write operations in readonly mode, allowing attackers to create zero-length files. |
Description: | Affected Software/OS: openssh on Debian Linux
Solution: For Debian 8 'Jessie', these problems have been fixed in version 1:6.7p1-5+deb8u6. We recommend that you upgrade your openssh packages.
CVSS Score: 8.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5352
  BugTraq ID: 75525
  http://www.securityfocus.com/bid/75525
  https://security.gentoo.org/glsa/201512-04
  https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
  http://openwall.com/lists/oss-security/2015/07/01/10
  RedHat Security Advisories: RHSA-2016:0741
  http://rhn.redhat.com/errata/RHSA-2016-0741.html
  http://www.securitytracker.com/id/1032797
  SuSE Security Announcement: SUSE-SU-2015:1581
  http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
  http://www.ubuntu.com/usn/USN-2710-1
  http://www.ubuntu.com/usn/USN-2710-2

Common Vulnerability Exposure (CVE) ID: CVE-2015-5600
  http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
  BugTraq ID: 75990
  http://www.securityfocus.com/bid/75990
  BugTraq ID: 91787
  http://www.securityfocus.com/bid/91787
  BugTraq ID: 92012
  http://www.securityfocus.com/bid/92012
  http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
  http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
  http://seclists.org/fulldisclosure/2015/Jul/92
  http://openwall.com/lists/oss-security/2015/07/23/4
  RedHat Security Advisories: RHSA-2016:0466
  http://rhn.redhat.com/errata/RHSA-2016-0466.html
  http://www.securitytracker.com/id/1032988

Common Vulnerability Exposure (CVE) ID: CVE-2015-6563
  http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
  BugTraq ID: 76317
  http://www.securityfocus.com/bid/76317
  http://seclists.org/fulldisclosure/2015/Aug/54
  http://www.openwall.com/lists/oss-security/2015/08/22/1

Common Vulnerability Exposure (CVE) ID: CVE-2015-6564

Common Vulnerability Exposure (CVE) ID: CVE-2016-1908
  BugTraq ID: 84427
  http://www.securityfocus.com/bid/84427
  https://security.gentoo.org/glsa/201612-18
  http://openwall.com/lists/oss-security/2016/01/15/13
  RedHat Security Advisories: RHSA-2016:0465
  http://rhn.redhat.com/errata/RHSA-2016-0465.html
  http://www.securitytracker.com/id/1034705

Common Vulnerability Exposure (CVE) ID: CVE-2016-3115
  BugTraq ID: 84314
  http://www.securityfocus.com/bid/84314
  https://www.exploit-db.com/exploits/39569/
  http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
  http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
  http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
  http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
  http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
  http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
  FreeBSD Security Advisory: FreeBSD-SA-17:06
  https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
  http://seclists.org/fulldisclosure/2016/Mar/46
  http://seclists.org/fulldisclosure/2016/Mar/47
  http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
  https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
  http://www.securitytracker.com/id/1035249

Common Vulnerability Exposure (CVE) ID: CVE-2016-6515
  BugTraq ID: 92212
  http://www.securityfocus.com/bid/92212
  https://www.exploit-db.com/exploits/40888/
  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/
  https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc
  http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html
  http://openwall.com/lists/oss-security/2016/08/01/2
  RedHat Security Advisories: RHSA-2017:2029
  https://access.redhat.com/errata/RHSA-2017:2029
  http://www.securitytracker.com/id/1036487 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net |