Lucene search

K
amazonAmazonALAS-2015-625
HistoryDec 14, 2015 - 10:00 a.m.

Medium: openssh

2015-12-1410:00:00
alas.aws.amazon.com
20

0.164 Low

EPSS

Percentile

96.0%

Issue Overview:

A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.

It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.

A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.

Affected Packages:

openssh

Issue Correction:
Run yum update openssh to update your system.

New Packages:

i686:  
    openssh-6.6.1p1-22.58.amzn1.i686  
    openssh-server-6.6.1p1-22.58.amzn1.i686  
    pam_ssh_agent_auth-0.9.3-9.22.58.amzn1.i686  
    openssh-keycat-6.6.1p1-22.58.amzn1.i686  
    openssh-ldap-6.6.1p1-22.58.amzn1.i686  
    openssh-debuginfo-6.6.1p1-22.58.amzn1.i686  
    openssh-clients-6.6.1p1-22.58.amzn1.i686  
  
src:  
    openssh-6.6.1p1-22.58.amzn1.src  
  
x86_64:  
    openssh-6.6.1p1-22.58.amzn1.x86_64  
    openssh-clients-6.6.1p1-22.58.amzn1.x86_64  
    pam_ssh_agent_auth-0.9.3-9.22.58.amzn1.x86_64  
    openssh-server-6.6.1p1-22.58.amzn1.x86_64  
    openssh-debuginfo-6.6.1p1-22.58.amzn1.x86_64  
    openssh-keycat-6.6.1p1-22.58.amzn1.x86_64  
    openssh-ldap-6.6.1p1-22.58.amzn1.x86_64  

Additional References

Red Hat: CVE-2015-5600, CVE-2015-6563, CVE-2015-6564

Mitre: CVE-2015-5600, CVE-2015-6563, CVE-2015-6564