Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.891500
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for openssh (DLA-1500-1)
Summary:Several vulnerabilities have been found in OpenSSH, a free implementation;of the SSH protocol suite:;;CVE-2015-5352;;OpenSSH incorrectly verified time window deadlines for X connections.;Remote attackers could take advantage of this flaw to bypass intended;access restrictions. Reported by Jann Horn.;;CVE-2015-5600;;OpenSSH improperly restricted the processing of keyboard-interactive;devices within a single connection, which could allow remote attackers;to perform brute-force attacks or cause a denial of service, in a;non-default configuration.;;CVE-2015-6563;;OpenSSH incorrectly handled usernames during PAM authentication. In;conjunction with an additional flaw in the OpenSSH unprivileged child;process, remote attackers could make use if this issue to perform user;impersonation. Discovered by Moritz Jodeit.;;CVE-2015-6564;;Moritz Jodeit discovered a use-after-free flaw in PAM support in;OpenSSH, that could be used by remote attackers to bypass;authentication or possibly execute arbitrary code.;;CVE-2016-1908;;OpenSSH mishandled untrusted X11 forwarding when the X server disables;the SECURITY extension. Untrusted connections could obtain trusted X11;forwarding privileges. Reported by Thomas Hoger.;;CVE-2016-3115;;OpenSSH improperly handled X11 forwarding data related to;authentication credentials. Remote authenticated users could make use;of this flaw to bypass intended shell-command restrictions. Identified;by github.com/tintinweb.;;CVE-2016-6515;;OpenSSH did not limit password lengths for password authentication.;Remote attackers could make use of this flaw to cause a denial of;service via long strings.;;CVE-2016-10009;;Jann Horn discovered an untrusted search path vulnerability in;ssh-agent allowing remote attackers to execute arbitrary local;PKCS#11 modules by leveraging control over a forwarded agent-socket.;;CVE-2016-10011;;Jann Horn discovered that OpenSSH did not properly consider the;effects of realloc on buffer contents. This may allow local users to;obtain sensitive private-key information by leveraging access to a;privilege-separated child process.;;CVE-2016-10012;;Guido Vranken discovered that the OpenSSH shared memory manager;did not ensure that a bounds check was enforced by all compilers,;which could allow local users to gain privileges by leveraging access;to a sandboxed privilege-separation process.;;CVE-2016-10708;;NULL pointer dereference and daemon crash via an out-of-sequence;NEWKEYS message.;;CVE-2017-15906;;Michal Zalewski reported that OpenSSH improperly prevent write;operations in readonly mode, allowing attackers to create zero-length;files.
Description:Summary:
Several vulnerabilities have been found in OpenSSH, a free implementation
of the SSH protocol suite:

CVE-2015-5352

OpenSSH incorrectly verified time window deadlines for X connections.
Remote attackers could take advantage of this flaw to bypass intended
access restrictions. Reported by Jann Horn.

CVE-2015-5600

OpenSSH improperly restricted the processing of keyboard-interactive
devices within a single connection, which could allow remote attackers
to perform brute-force attacks or cause a denial of service, in a
non-default configuration.

CVE-2015-6563

OpenSSH incorrectly handled usernames during PAM authentication. In
conjunction with an additional flaw in the OpenSSH unprivileged child
process, remote attackers could make use if this issue to perform user
impersonation. Discovered by Moritz Jodeit.

CVE-2015-6564

Moritz Jodeit discovered a use-after-free flaw in PAM support in
OpenSSH, that could be used by remote attackers to bypass
authentication or possibly execute arbitrary code.

CVE-2016-1908

OpenSSH mishandled untrusted X11 forwarding when the X server disables
the SECURITY extension. Untrusted connections could obtain trusted X11
forwarding privileges. Reported by Thomas Hoger.

CVE-2016-3115

OpenSSH improperly handled X11 forwarding data related to
authentication credentials. Remote authenticated users could make use
of this flaw to bypass intended shell-command restrictions. Identified
by github.com/tintinweb.

CVE-2016-6515

OpenSSH did not limit password lengths for password authentication.
Remote attackers could make use of this flaw to cause a denial of
service via long strings.

CVE-2016-10009

Jann Horn discovered an untrusted search path vulnerability in
ssh-agent allowing remote attackers to execute arbitrary local
PKCS#11 modules by leveraging control over a forwarded agent-socket.

CVE-2016-10011

Jann Horn discovered that OpenSSH did not properly consider the
effects of realloc on buffer contents. This may allow local users to
obtain sensitive private-key information by leveraging access to a
privilege-separated child process.

CVE-2016-10012

Guido Vranken discovered that the OpenSSH shared memory manager
did not ensure that a bounds check was enforced by all compilers,
which could allow local users to gain privileges by leveraging access
to a sandboxed privilege-separation process.

CVE-2016-10708

NULL pointer dereference and daemon crash via an out-of-sequence
NEWKEYS message.

CVE-2017-15906

Michal Zalewski reported that OpenSSH improperly prevent write
operations in readonly mode, allowing attackers to create zero-length
files.

Affected Software/OS:
openssh on Debian Linux

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
1:6.7p1-5+deb8u6.

We recommend that you upgrade your openssh packages.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5352
BugTraq ID: 75525
http://www.securityfocus.com/bid/75525
https://security.gentoo.org/glsa/201512-04
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
http://openwall.com/lists/oss-security/2015/07/01/10
RedHat Security Advisories: RHSA-2016:0741
http://rhn.redhat.com/errata/RHSA-2016-0741.html
http://www.securitytracker.com/id/1032797
SuSE Security Announcement: SUSE-SU-2015:1581 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
http://www.ubuntu.com/usn/USN-2710-1
http://www.ubuntu.com/usn/USN-2710-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-5600
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 75990
http://www.securityfocus.com/bid/75990
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
BugTraq ID: 92012
http://www.securityfocus.com/bid/92012
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
http://seclists.org/fulldisclosure/2015/Jul/92
http://openwall.com/lists/oss-security/2015/07/23/4
RedHat Security Advisories: RHSA-2016:0466
http://rhn.redhat.com/errata/RHSA-2016-0466.html
http://www.securitytracker.com/id/1032988
Common Vulnerability Exposure (CVE) ID: CVE-2015-6563
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
BugTraq ID: 76317
http://www.securityfocus.com/bid/76317
http://seclists.org/fulldisclosure/2015/Aug/54
http://www.openwall.com/lists/oss-security/2015/08/22/1
Common Vulnerability Exposure (CVE) ID: CVE-2015-6564
Common Vulnerability Exposure (CVE) ID: CVE-2016-1908
BugTraq ID: 84427
http://www.securityfocus.com/bid/84427
https://security.gentoo.org/glsa/201612-18
http://openwall.com/lists/oss-security/2016/01/15/13
RedHat Security Advisories: RHSA-2016:0465
http://rhn.redhat.com/errata/RHSA-2016-0465.html
http://www.securitytracker.com/id/1034705
Common Vulnerability Exposure (CVE) ID: CVE-2016-3115
BugTraq ID: 84314
http://www.securityfocus.com/bid/84314
https://www.exploit-db.com/exploits/39569/
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
FreeBSD Security Advisory: FreeBSD-SA-17:06
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
http://seclists.org/fulldisclosure/2016/Mar/46
http://seclists.org/fulldisclosure/2016/Mar/47
http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
http://www.securitytracker.com/id/1035249
Common Vulnerability Exposure (CVE) ID: CVE-2016-6515
BugTraq ID: 92212
http://www.securityfocus.com/bid/92212
https://www.exploit-db.com/exploits/40888/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc
http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html
http://openwall.com/lists/oss-security/2016/08/01/2
RedHat Security Advisories: RHSA-2017:2029
https://access.redhat.com/errata/RHSA-2017:2029
http://www.securitytracker.com/id/1036487
CopyrightCopyright (C) 2018 Greenbone Networks GmbH http://greenbone.net

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.