Red Hat Local Security Checks : RedHat Update for openssh RHSA-2015:2088-06

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.871506

Category: Red Hat Local Security Checks

Title: RedHat Update for openssh RHSA-2015:2088-06

Summary: The remote host is missing an update for the 'openssh'; package(s) announced via the referenced advisory.

Description: Summary:
The remote host is missing an update for the 'openssh'
package(s) announced via the referenced advisory.

Vulnerability Insight:
OpenSSH is OpenBSD's SSH (Secure Shell)
protocol implementation. These packages include the core files necessary for both
the OpenSSH client and server.

A flaw was found in the way OpenSSH handled PAM authentication when using
privilege separation. An attacker with valid credentials on the system and
able to fully compromise a non-privileged pre-authentication process using
a different flaw could use this flaw to authenticate as other users.
(CVE-2015-6563)

A use-after-free flaw was found in OpenSSH. An attacker able to fully
compromise a non-privileged pre-authentication process using a different
flaw could possibly cause sshd to crash or execute arbitrary code with
root privileges. (CVE-2015-6564)

It was discovered that the OpenSSH sshd daemon did not check the list of
keyboard-interactive authentication methods for duplicates. A remote
attacker could use this flaw to bypass the MaxAuthTries limit, making it
easier to perform password guessing attacks. (CVE-2015-5600)

It was found that the OpenSSH ssh-agent, a program to hold private keys
used for public key authentication, was vulnerable to password guessing
attacks. An attacker able to connect to the agent could use this flaw to
conduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)

This update fixes the following bugs:

* Previously, the sshd_config(5) man page was misleading and could thus
confuse the user. This update improves the man page text to clearly
describe the AllowGroups feature. (BZ#1150007)

* The limit for the function for restricting the number of files listed
using the wildcard character (*) that prevents the Denial of Service (DoS)
for both server and client was previously set too low. Consequently, the
user reaching the limit was prevented from listing a directory with a large
number of files over Secure File Transfer Protocol (SFTP). This update
increases the aforementioned limit, thus fixing this bug. (BZ#1160377)

* When the ForceCommand option with a pseudoterminal was used and the
MaxSession option was set to '2', multiplexed SSH connections did not work
as expected. After the user attempted to open a second multiplexed
connection, the attempt failed if the first connection was still open. This
update modifies OpenSSH to issue only one audit message per session, and
the user is thus able to open two multiplexed connections in this
situation. (BZ#1199112)

* The ssh-copy-id utility failed if the account on the remote server did
not use an sh-like shell. Remote commands have been modified to run in an
sh-like shell, and ssh-copy-id now works also with non-sh-like she ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
openssh on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5600
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 75990
http://www.securityfocus.com/bid/75990
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
BugTraq ID: 92012
http://www.securityfocus.com/bid/92012
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
http://seclists.org/fulldisclosure/2015/Jul/92
https://security.gentoo.org/glsa/201512-04
https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
http://openwall.com/lists/oss-security/2015/07/23/4
RedHat Security Advisories: RHSA-2016:0466
http://rhn.redhat.com/errata/RHSA-2016-0466.html
http://www.securitytracker.com/id/1032988
SuSE Security Announcement: SUSE-SU-2015:1581 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
http://www.ubuntu.com/usn/USN-2710-1
http://www.ubuntu.com/usn/USN-2710-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-6563
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
BugTraq ID: 76317
http://www.securityfocus.com/bid/76317
http://seclists.org/fulldisclosure/2015/Aug/54
http://www.openwall.com/lists/oss-security/2015/08/22/1
RedHat Security Advisories: RHSA-2016:0741
http://rhn.redhat.com/errata/RHSA-2016-0741.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-6564

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.871506
Category:	Red Hat Local Security Checks
Title:	RedHat Update for openssh RHSA-2015:2088-06
Summary:	The remote host is missing an update for the 'openssh'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the referenced advisory. Vulnerability Insight: OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563) A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. (CVE-2015-6564) It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600) It was found that the OpenSSH ssh-agent, a program to hold private keys used for public key authentication, was vulnerable to password guessing attacks. An attacker able to connect to the agent could use this flaw to conduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238) This update fixes the following bugs: * Previously, the sshd_config(5) man page was misleading and could thus confuse the user. This update improves the man page text to clearly describe the AllowGroups feature. (BZ#1150007) * The limit for the function for restricting the number of files listed using the wildcard character () that prevents the Denial of Service (DoS) for both server and client was previously set too low. Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug. (BZ#1160377) When the ForceCommand option with a pseudoterminal was used and the MaxSession option was set to '2', multiplexed SSH connections did not work as expected. After the user attempted to open a second multiplexed connection, the attempt failed if the first connection was still open. This update modifies OpenSSH to issue only one audit message per session, and the user is thus able to open two multiplexed connections in this situation. (BZ#1199112) * The ssh-copy-id utility failed if the account on the remote server did not use an sh-like shell. Remote commands have been modified to run in an sh-like shell, and ssh-copy-id now works also with non-sh-like she ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: openssh on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5600 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html BugTraq ID: 75990 http://www.securityfocus.com/bid/75990 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 BugTraq ID: 92012 http://www.securityfocus.com/bid/92012 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html http://seclists.org/fulldisclosure/2015/Jul/92 https://security.gentoo.org/glsa/201512-04 https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html http://openwall.com/lists/oss-security/2015/07/23/4 RedHat Security Advisories: RHSA-2016:0466 http://rhn.redhat.com/errata/RHSA-2016-0466.html http://www.securitytracker.com/id/1032988 SuSE Security Announcement: SUSE-SU-2015:1581 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html http://www.ubuntu.com/usn/USN-2710-1 http://www.ubuntu.com/usn/USN-2710-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-6563 http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html BugTraq ID: 76317 http://www.securityfocus.com/bid/76317 http://seclists.org/fulldisclosure/2015/Aug/54 http://www.openwall.com/lists/oss-security/2015/08/22/1 RedHat Security Advisories: RHSA-2016:0741 http://rhn.redhat.com/errata/RHSA-2016-0741.html Common Vulnerability Exposure (CVE) ID: CVE-2015-6564
Copyright	Copyright (C) 2015 Greenbone AG