Denial of Service : OpenSSH < 7.3 DoS and User Enumeration Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.809154

Categoría: Denial of Service

Título: OpenSSH < 7.3 DoS and User Enumeration Vulnerabilities - Linux

Resumen: OpenSSH is prone to denial of service (DoS) and user enumeration; vulnerabilities.

Descripción: Summary:
OpenSSH is prone to denial of service (DoS) and user enumeration
vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- The auth_password function in 'auth-passwd.c' script does not limit password lengths for
password authentication.

- The sshd in OpenSSH, when SHA256 or SHA512 are used for user password hashing uses BLOWFISH
hashing on a static password when the username does not exist and it takes much longer to
calculate SHA256/SHA512 hash than BLOWFISH hash.

Vulnerability Impact:
Successfully exploiting this issue allows remote attackers to
cause a denial of service (crypt CPU consumption) and to enumerate users by leveraging the timing
difference between responses when a large password is provided.

Affected Software/OS:
OpenSSH versions before 7.3 on Linux.

Solution:
Update to version 7.3 or later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-6515
BugTraq ID: 92212
http://www.securityfocus.com/bid/92212
https://www.exploit-db.com/exploits/40888/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/
FreeBSD Security Advisory: FreeBSD-SA-17:06
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc
http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
http://openwall.com/lists/oss-security/2016/08/01/2
RedHat Security Advisories: RHSA-2017:2029
https://access.redhat.com/errata/RHSA-2017:2029
http://www.securitytracker.com/id/1036487
Common Vulnerability Exposure (CVE) ID: CVE-2016-6210
BugTraq ID: 91812
http://www.securityfocus.com/bid/91812
Debian Security Information: DSA-3626 (Google Search)
http://www.debian.org/security/2016/dsa-3626
https://www.exploit-db.com/exploits/40113/
https://www.exploit-db.com/exploits/40136/
http://seclists.org/fulldisclosure/2016/Jul/51
https://security.gentoo.org/glsa/201612-18
RedHat Security Advisories: RHSA-2017:2563
https://access.redhat.com/errata/RHSA-2017:2563
http://www.securitytracker.com/id/1036319

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.809154
Categoría:	Denial of Service
Título:	OpenSSH < 7.3 DoS and User Enumeration Vulnerabilities - Linux
Resumen:	OpenSSH is prone to denial of service (DoS) and user enumeration; vulnerabilities.
Descripción:	Summary: OpenSSH is prone to denial of service (DoS) and user enumeration vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - The auth_password function in 'auth-passwd.c' script does not limit password lengths for password authentication. - The sshd in OpenSSH, when SHA256 or SHA512 are used for user password hashing uses BLOWFISH hashing on a static password when the username does not exist and it takes much longer to calculate SHA256/SHA512 hash than BLOWFISH hash. Vulnerability Impact: Successfully exploiting this issue allows remote attackers to cause a denial of service (crypt CPU consumption) and to enumerate users by leveraging the timing difference between responses when a large password is provided. Affected Software/OS: OpenSSH versions before 7.3 on Linux. Solution: Update to version 7.3 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6515 BugTraq ID: 92212 http://www.securityfocus.com/bid/92212 https://www.exploit-db.com/exploits/40888/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/ FreeBSD Security Advisory: FreeBSD-SA-17:06 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html http://openwall.com/lists/oss-security/2016/08/01/2 RedHat Security Advisories: RHSA-2017:2029 https://access.redhat.com/errata/RHSA-2017:2029 http://www.securitytracker.com/id/1036487 Common Vulnerability Exposure (CVE) ID: CVE-2016-6210 BugTraq ID: 91812 http://www.securityfocus.com/bid/91812 Debian Security Information: DSA-3626 (Google Search) http://www.debian.org/security/2016/dsa-3626 https://www.exploit-db.com/exploits/40113/ https://www.exploit-db.com/exploits/40136/ http://seclists.org/fulldisclosure/2016/Jul/51 https://security.gentoo.org/glsa/201612-18 RedHat Security Advisories: RHSA-2017:2563 https://access.redhat.com/errata/RHSA-2017:2563 http://www.securitytracker.com/id/1036319
Copyright	Copyright (C) 2016 Greenbone AG