6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:N/A:C
0.164 Low
EPSS
Percentile
95.9%
CentOS Errata and Security Advisory CESA-2016:0466
OpenSSH is OpenBSD’s SSH (Secure Shell) protocol implementation.
These packages include the core files necessary for both the OpenSSH client
and server.
It was discovered that the OpenSSH server did not sanitize data received
in requests to enable X11 forwarding. An authenticated client with
restricted SSH access could possibly use this flaw to bypass intended
restrictions. (CVE-2016-3115)
It was discovered that the OpenSSH sshd daemon did not check the list of
keyboard-interactive authentication methods for duplicates. A remote
attacker could use this flaw to bypass the MaxAuthTries limit, making it
easier to perform password guessing attacks. (CVE-2015-5600)
All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-March/083907.html
Affected packages:
openssh
openssh-askpass
openssh-clients
openssh-ldap
openssh-server
pam_ssh_agent_auth
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:0466
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | openssh | < 5.3p1-114.el6_7 | openssh-5.3p1-114.el6_7.i686.rpm |
CentOS | 6 | i686 | openssh-askpass | < 5.3p1-114.el6_7 | openssh-askpass-5.3p1-114.el6_7.i686.rpm |
CentOS | 6 | i686 | openssh-clients | < 5.3p1-114.el6_7 | openssh-clients-5.3p1-114.el6_7.i686.rpm |
CentOS | 6 | i686 | openssh-ldap | < 5.3p1-114.el6_7 | openssh-ldap-5.3p1-114.el6_7.i686.rpm |
CentOS | 6 | i686 | openssh-server | < 5.3p1-114.el6_7 | openssh-server-5.3p1-114.el6_7.i686.rpm |
CentOS | 6 | i686 | pam_ssh_agent_auth | < 0.9.3-114.el6_7 | pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm |
CentOS | 6 | x86_64 | openssh | < 5.3p1-114.el6_7 | openssh-5.3p1-114.el6_7.x86_64.rpm |
CentOS | 6 | x86_64 | openssh-askpass | < 5.3p1-114.el6_7 | openssh-askpass-5.3p1-114.el6_7.x86_64.rpm |
CentOS | 6 | x86_64 | openssh-clients | < 5.3p1-114.el6_7 | openssh-clients-5.3p1-114.el6_7.x86_64.rpm |
CentOS | 6 | x86_64 | openssh-ldap | < 5.3p1-114.el6_7 | openssh-ldap-5.3p1-114.el6_7.x86_64.rpm |
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:N/A:C
0.164 Low
EPSS
Percentile
95.9%