Lucene search
AmazonALAS-2015-568HistoryJul 22, 2015 - 10:00 a.m.
Medium: openssh
2015-07-2210:00:00
alas.aws.amazon.com
12
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
85.3%
Issue Overview:
It was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh(1) coupled with “fail open” behavior in the X11 server when clients attempted connections with expired credentials.
Affected Packages:
openssh
Issue Correction:
Run yum update openssh to update your system.
New Packages:
i686:
openssh-server-6.2p2-8.44.amzn1.i686
openssh-debuginfo-6.2p2-8.44.amzn1.i686
openssh-clients-6.2p2-8.44.amzn1.i686
pam_ssh_agent_auth-0.9.3-5.8.44.amzn1.i686
openssh-6.2p2-8.44.amzn1.i686
openssh-ldap-6.2p2-8.44.amzn1.i686
openssh-keycat-6.2p2-8.44.amzn1.i686
src:
openssh-6.2p2-8.44.amzn1.src
x86_64:
openssh-6.2p2-8.44.amzn1.x86_64
openssh-keycat-6.2p2-8.44.amzn1.x86_64
pam_ssh_agent_auth-0.9.3-5.8.44.amzn1.x86_64
openssh-clients-6.2p2-8.44.amzn1.x86_64
openssh-debuginfo-6.2p2-8.44.amzn1.x86_64
openssh-ldap-6.2p2-8.44.amzn1.x86_64
openssh-server-6.2p2-8.44.amzn1.x86_64
Additional References
Red Hat: CVE-2015-5352
Mitre: CVE-2015-5352
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | openssh-server | < 6.2p2-8.44.amzn1 | openssh-server-6.2p2-8.44.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssh-debuginfo | < 6.2p2-8.44.amzn1 | openssh-debuginfo-6.2p2-8.44.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssh-clients | < 6.2p2-8.44.amzn1 | openssh-clients-6.2p2-8.44.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | pam_ssh_agent_auth | < 0.9.3-5.8.44.amzn1 | pam_ssh_agent_auth-0.9.3-5.8.44.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssh | < 6.2p2-8.44.amzn1 | openssh-6.2p2-8.44.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssh-ldap | < 6.2p2-8.44.amzn1 | openssh-ldap-6.2p2-8.44.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssh-keycat | < 6.2p2-8.44.amzn1 | openssh-keycat-6.2p2-8.44.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | openssh | < 6.2p2-8.44.amzn1 | openssh-6.2p2-8.44.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openssh-keycat | < 6.2p2-8.44.amzn1 | openssh-keycat-6.2p2-8.44.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | pam_ssh_agent_auth | < 0.9.3-5.8.44.amzn1 | pam_ssh_agent_auth-0.9.3-5.8.44.amzn1.x86_64.rpm |
Related
veracode
veracode
Authorization Bypass
2019-01-15 09:11:25
nessus
nessus
OpenSSH < 6.9 Multiple Vulnerabilities
2016-04-22 00:00:00
Fedora 21 : openssh-6.6.1p1-13.fc21 (2015-11067)
2015-07-14 00:00:00
F5 Networks BIG-IP : OpenSSH vulnerability (K17461)
2017-03-07 00:00:00
ubuntucve
ubuntucve
CVE-2015-5352
2015-08-02 00:00:00
openvas
openvas
Fedora Update for openssh FEDORA-2015-11063
2015-07-11 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-568)
2015-09-08 00:00:00
Mageia: Security Advisory (MGASA-2015-0271)
2015-10-15 00:00:00
prion
prion
Design/Logic Flaw
2015-08-03 01:59:00
debiancve
debiancve
CVE-2015-5352
2015-08-03 01:59:00
archlinux
archlinux
openssh: XSECURITY restrictions bypass
2015-07-04 00:00:00
mageia
mageia
Updated openssh package fixes security vulnerability
2015-07-09 11:09:20
fedora
fedora
[SECURITY] Fedora 22 Update: openssh-6.9p1-1.fc22
2015-07-10 19:18:26
[SECURITY] Fedora 21 Update: openssh-6.6.1p1-13.fc21
2015-07-10 19:09:25
f5
f5
K17461 : OpenSSH vulnerability CVE-2015-5352
2015-10-28 00:00:00
SOL17461 - OpenSSH vulnerability CVE-2015-5352
2015-10-28 00:00:00
cve
cve
CVE-2015-5352
2015-08-03 01:59:00
aix
aix
AIX OpenSSH Vulnerability
2015-09-04 05:15:17
debian
debian
[SECURITY] [DLA 288-1] openssh security update
2015-08-07 11:38:21
[SECURITY] [DLA 1500-1] openssh security update
2018-09-10 08:44:17
ubuntu
ubuntu
OpenSSH regression
2015-08-18 00:00:00
OpenSSH vulnerabilities
2015-08-14 00:00:00
osv
osv
openssh - security update
2015-09-30 00:00:00
openssh - security update
2018-09-10 00:00:00
ibm
ibm
altlinux
altlinux
Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.4
2016-11-08 00:00:00
Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.4
2016-11-08 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2016-05-16 10:19:28
redhat
redhat
(RHSA-2016:0741) Moderate: openssh security, bug fix, and enhancement update
2016-05-10 06:42:16
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2015-11-23 00:00:00
openssh security, bug fix, and enhancement update
2016-05-12 00:00:00
suse
suse
Security update for openssh (important)
2015-09-21 09:10:02
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2015-12-20 00:00:00
symantec
symantec
SA104 : OpenSSH Vulnerabilities
2015-12-08 08:00:00
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
85.3%
Related for ALAS-2015-568