sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
{"f5": [{"lastseen": "2022-02-01T00:00:00", "description": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. ([CVE-2016-10708](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708>))\n\nImpact\n\nThis vulnerability allows a remote attacker to disrupt service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-11T22:06:00", "type": "f5", "title": "OpenSSH vulnerability CVE-2016-10708", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10708"], "modified": "2021-02-25T03:42:00", "id": "F5:K32485746", "href": "https://support.f5.com/csp/article/K32485746", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-09-25T13:10:31", "description": "According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - sshd in OpenSSH before 7.4 allows remote attackers to cause a 
denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.(CVE-2016-10708)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-09-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.0 : openssh (EulerOS-SA-2018-1254)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-clients", "p-cpe:/a:huawei:euleros:openssh-keycat", "p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1254.NASL", "href": "https://www.tenable.com/plugins/nessus/117563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117563);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10708\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : openssh (EulerOS-SA-2018-1254)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssh packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - sshd in OpenSSH before 7.4 allows remote attackers to\n cause a denial 
of service (NULL pointer dereference and\n daemon crash) via an out-of-sequence NEWKEYS message,\n as demonstrated by Honggfuzz, related to kex.c and\n packet.c.(CVE-2016-10708)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1254\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?45fca2ed\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssh-6.6.1p1-25.4.h6\",\n \"openssh-clients-6.6.1p1-25.4.h6\",\n \"openssh-keycat-6.6.1p1-25.4.h6\",\n \"openssh-server-6.6.1p1-25.4.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-25T13:11:29", "description": "This update for openssh fixes the following issues: Security issue fixed :\n\n - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957).\n\nNote that Tenable Network Security has extracted the preceding description block 
directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-08-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssh (SUSE-SU-2018:2530-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-debugsource", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2530-1.NASL", "href": "https://www.tenable.com/plugins/nessus/112148", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2530-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112148);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2016-10708\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssh (SUSE-SU-2018:2530-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes the following issues: Security issue\nfixed :\n\n - CVE-2016-10708: Prevent DoS due to crashes caused by\n out-of-sequence NEWKEYS message (bsc#1076957).\n\nNote that Tenable Network 
Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10708/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182530-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6889ae1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-1766=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-1766=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-1766=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-1766=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1766=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssh-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssh-askpass-gnome-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssh-askpass-gnome-debuginfo-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssh-debuginfo-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssh-debugsource-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssh-fips-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssh-helpers-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssh-helpers-debuginfo-7.2p2-74.25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-25T13:12:23", "description": "This update for openssh fixes the following issues: Security issue fixed :\n\n - CVE-2016-10708: Prevent DoS due to crashes caused by 
out-of-sequence NEWKEYS message (bsc#1076957).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-07-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2018:1989-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-debugsource", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1989-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111200", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1989-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111200);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2016-10708\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2018:1989-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes the following issues: Security 
issue\nfixed :\n\n - CVE-2016-10708: Prevent DoS due to crashes caused by\n out-of-sequence NEWKEYS message (bsc#1076957).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10708/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181989-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3f32754\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1352=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1352=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. 
It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1352=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:X\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssh-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssh-askpass-gnome-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssh-askpass-gnome-debuginfo-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssh-debuginfo-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssh-debugsource-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssh-fips-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssh-helpers-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssh-helpers-debuginfo-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-debuginfo-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-debuginfo-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-debugsource-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-helpers-7.2p2-74.19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-helpers-debuginfo-7.2p2-74.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-25T13:12:34", "description": "This update for openssh fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-07-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssh (openSUSE-2018-765)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssh", "p-cpe:/a:novell:opensuse:openssh-askpass-gnome", "p-cpe:/a:novell:opensuse:openssh-askpass-gnome-debuginfo", "p-cpe:/a:novell:opensuse:openssh-cavs", "p-cpe:/a:novell:opensuse:openssh-cavs-debuginfo", "p-cpe:/a:novell:opensuse:openssh-debuginfo", "p-cpe:/a:novell:opensuse:openssh-debugsource", "p-cpe:/a:novell:opensuse:openssh-fips", "p-cpe:/a:novell:opensuse:openssh-helpers", "p-cpe:/a:novell:opensuse:openssh-helpers-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-765.NASL", "href": "https://www.tenable.com/plugins/nessus/111417", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-765.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111417);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10708\");\n\n script_name(english:\"openSUSE Security Update : openssh (openSUSE-2018-765)\");\n script_summary(english:\"Check 
for the openSUSE-2018-765 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-10708: Prevent DoS due to crashes caused by\n out-of-sequence NEWKEYS message (bsc#1076957).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076957\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-cavs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssh-7.2p2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssh-askpass-gnome-7.2p2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssh-askpass-gnome-debuginfo-7.2p2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssh-cavs-7.2p2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssh-cavs-debuginfo-7.2p2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssh-debuginfo-7.2p2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssh-debugsource-7.2p2-21.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.3\", reference:\"openssh-fips-7.2p2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssh-helpers-7.2p2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssh-helpers-debuginfo-7.2p2-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh-askpass-gnome / openssh-askpass-gnome-debuginfo / openssh / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T15:54:27", "description": "This update for openssh fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-10-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssh (SUSE-SU-2018:2530-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2022-02-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-debugsource", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2530-2.NASL", "href": "https://www.tenable.com/plugins/nessus/118285", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2530-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118285);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/04\");\n\n script_cve_id(\"CVE-2016-10708\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssh (SUSE-SU-2018:2530-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssh fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence\nNEWKEYS message (bsc#1076957).\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10708/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182530-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?560ab79c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-1766=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10708\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-debuginfo-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-debuginfo-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-debugsource-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-fips-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-helpers-7.2p2-74.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssh-helpers-debuginfo-7.2p2-74.25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, 
{"lastseen": "2021-09-25T13:17:35", "description": "According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.(CVE-2016-10708)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-03-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : openssh (EulerOS-SA-2018-1068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-askpass", "p-cpe:/a:huawei:euleros:openssh-clients", "p-cpe:/a:huawei:euleros:openssh-keycat", "p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1068.NASL", "href": "https://www.tenable.com/plugins/nessus/108472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108472);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10708\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : openssh (EulerOS-SA-2018-1068)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssh packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - sshd in OpenSSH before 7.4 allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n daemon crash) via an out-of-sequence NEWKEYS message,\n as demonstrated by Honggfuzz, related to kex.c and\n packet.c.(CVE-2016-10708)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1068\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?db513eef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssh-6.6.1p1-28.h15\",\n \"openssh-askpass-6.6.1p1-28.h15\",\n \"openssh-clients-6.6.1p1-28.h15\",\n \"openssh-keycat-6.6.1p1-28.h15\",\n \"openssh-server-6.6.1p1-28.h15\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", 
reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-25T13:18:02", "description": "According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.(CVE-2016-10708)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-03-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : openssh (EulerOS-SA-2018-1069)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-askpass", "p-cpe:/a:huawei:euleros:openssh-clients", "p-cpe:/a:huawei:euleros:openssh-keycat", "p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1069.NASL", "href": "https://www.tenable.com/plugins/nessus/108473", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108473);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10708\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : openssh (EulerOS-SA-2018-1069)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssh packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - sshd in OpenSSH before 7.4 allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n daemon crash) via an out-of-sequence NEWKEYS message,\n as demonstrated by Honggfuzz, related to kex.c and\n packet.c.(CVE-2016-10708)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1069\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a5ed3e8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif 
(\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssh-6.6.1p1-28.h15\",\n \"openssh-askpass-6.6.1p1-28.h15\",\n \"openssh-clients-6.6.1p1-28.h15\",\n \"openssh-keycat-6.6.1p1-28.h15\",\n \"openssh-server-6.6.1p1-28.h15\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-25T13:20:23", "description": "OpenSSH was found to be vulnerable to out of order NEWKEYS messages which could crash the daemon, resulting in a denial of service attack.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:6.0p1-4+deb7u7.\n\nWe recommend that you upgrade your openssh packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-29T00:00:00", "type": "nessus", "title": "Debian DLA-1257-1 : openssh security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssh-client", "p-cpe:/a:debian:debian_linux:openssh-client-udeb", "p-cpe:/a:debian:debian_linux:openssh-server", "p-cpe:/a:debian:debian_linux:openssh-server-udeb", "p-cpe:/a:debian:debian_linux:ssh", "p-cpe:/a:debian:debian_linux:ssh-askpass-gnome", "p-cpe:/a:debian:debian_linux:ssh-krb5", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1257.NASL", "href": "https://www.tenable.com/plugins/nessus/106407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1257-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106407);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10708\");\n\n script_name(english:\"Debian DLA-1257-1 : openssh security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSH was found to be vulnerable to out of order NEWKEYS messages\nwhich could crash the daemon, resulting in a denial of service attack.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:6.0p1-4+deb7u7.\n\nWe recommend that you upgrade your openssh packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssh\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh-client-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh-server-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ssh-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"openssh-client\", reference:\"1:6.0p1-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssh-client-udeb\", reference:\"1:6.0p1-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssh-server\", reference:\"1:6.0p1-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssh-server-udeb\", reference:\"1:6.0p1-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ssh\", reference:\"1:6.0p1-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ssh-askpass-gnome\", reference:\"1:6.0p1-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ssh-krb5\", reference:\"1:6.0p1-4+deb7u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-25T12:24:33", "description": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. 
(CVE-2016-10708)\n\nImpact\n\nThis vulnerability allows a remote attacker to disrupt service.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSH vulnerability (K32485746)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2020-03-09T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL32485746.NASL", "href": "https://www.tenable.com/plugins/nessus/132548", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K32485746.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132548);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2016-10708\");\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSH vulnerability (K32485746)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"sshd in OpenSSH before 7.4 allows remote attackers to cause a denial\nof service (NULL pointer dereference and daemon crash) via an\nout-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related\nto 
kex.c and packet.c. (CVE-2016-10708)\n\nImpact\n\nThis vulnerability allows a remote attacker to disrupt service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K32485746\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K32485746.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/21\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K32485746\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.0.0-14.0.1\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.0.0-14.0.1\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.0.0-14.0.1\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.0.0-14.0.1\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.0.0-14.0.1\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"14.0.0-14.0.1\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"14.0.0-14.0.1\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.0.0-14.0.1\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = 
make_list(\"14.0.0-14.0.1\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"14.0.0-14.0.1\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.2.1-11.6.5\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-31T18:12:43", "description": "Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708)\n\nIt was discovered that OpenSSH incorrectly handled certain requests.\nAn attacker could possibly use this issue to access sensitive information. (CVE-2018-15473).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2018-11-07T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : openssh vulnerabilities (USN-3809-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708", "CVE-2018-15473"], "modified": "2021-04-14T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openssh-server", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3809-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118795", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3809-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118795);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/14\");\n\n script_cve_id(\"CVE-2016-10708\", \"CVE-2018-15473\");\n script_xref(name:\"USN\", value:\"3809-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : openssh vulnerabilities (USN-3809-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Robert Swiecki discovered that OpenSSH incorrectly handled certain\nmessages. An attacker could possibly use this issue to cause a denial\nof service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04\nLTS. 
(CVE-2016-10708)\n\nIt was discovered that OpenSSH incorrectly handled certain requests.\nAn attacker could possibly use this issue to access sensitive\ninformation. (CVE-2018-15473).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3809-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected openssh-server package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15473\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/06\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2021 Canonical, Inc. / NASL script (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openssh-server\", pkgver:\"1:6.6p1-2ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openssh-server\", pkgver:\"1:7.2p2-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"openssh-server\", pkgver:\"1:7.6p1-4ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh-server\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-18T19:28:30", "description": "This update for openssh fixes the following issues: Security issues fixed :\n\n - CVE-2016-10012: Fix pre-auth compression checks that could be optimized away (bsc#1016370).\n\n - CVE-2016-10708: Fix remote denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message (bsc#1076957).\n\n - CVE-2017-15906: Fix r/o sftp-server zero byte file creation (bsc#1065000).\n\n - CVE-2008-1483: Fix accidental re-introduction of CVE-2008-1483 (bsc#1069509). Bug fixes :\n\n - bsc#1017099: Match conditions with uppercase hostnames fail (bsc#1017099)\n\n - bsc#1053972: supportedKeyExchanges diffie-hellman-group1-sha1 is duplicated (bsc#1053972)\n\n - bsc#1023275: Messages suppressed after upgrade from SLES 11 SP3 to SP4 (bsc#1023275)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-08-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : openssh (SUSE-SU-2018:2275-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1483", "CVE-2016-10012", "CVE-2016-10708", "CVE-2017-15906"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-2275-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2275-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111639);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-1483\", \"CVE-2016-10012\", \"CVE-2016-10708\", \"CVE-2017-15906\");\n script_bugtraq_id(28444);\n\n script_name(english:\"SUSE SLES11 Security Update : openssh (SUSE-SU-2018:2275-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssh fixes the following issues: Security issues\nfixed :\n\n - CVE-2016-10012: Fix pre-auth compression checks that\n could be optimized away (bsc#1016370).\n\n - CVE-2016-10708: Fix remote denial of service (NULL\n 
pointer dereference and daemon crash) via an\n out-of-sequence NEWKEYS message (bsc#1076957).\n\n - CVE-2017-15906: Fix r/o sftp-server zero byte file\n creation (bsc#1065000).\n\n - CVE-2008-1483: Fix accidental re-introduction of\n CVE-2008-1483 (bsc#1069509). Bug fixes :\n\n - bsc#1017099: Match conditions with uppercase hostnames\n fail (bsc#1017099)\n\n - bsc#1053972: supportedKeyExchanges\n diffie-hellman-group1-sha1 is duplicated (bsc#1053972)\n\n - bsc#1023275: Messages suppressed after upgrade from SLES\n 11 SP3 to SP4 (bsc#1023275)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2008-1483/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10012/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10708/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15906/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182275-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26523b41\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-openssh-13719=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-openssh-13719=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/10\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-6.6p1-36.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-askpass-gnome-6.6p1-36.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-fips-6.6p1-36.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-helpers-6.6p1-36.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-18T19:30:34", "description": "This update for openssh provides the following fixes :\n\nSecurity issues fixed :\n\nCVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000).\n\nCVE-2016-10012: Remove pre-auth compression support from the server to prevent possible cryptographic attacks (bsc#1016370).\n\nCVE-2008-1483: Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509).\n\nCVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957).\n\nBug fixes: bsc#1017099: Enable case-insensitive hostname matching.\n\nbsc#1023275: Add a new switch for printing diagnostic messages in sftp client's batch mode.\n\nbsc#1048367: systemd integration to work around various race conditions.\n\nbsc#1053972: Remove duplicate KEX method.\n\nbsc#1092582: Add missing piece of systemd integration.\n\nRemove the limit on the amount of tasks sshd can run.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssh (SUSE-SU-2018:2685-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1483", "CVE-2016-10012", "CVE-2016-10708", "CVE-2017-15906"], "modified": "2021-01-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-debugsource", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2685-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117452", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2685-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117452);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/28\");\n\n script_cve_id(\"CVE-2008-1483\", \"CVE-2016-10012\", \"CVE-2016-10708\", \"CVE-2017-15906\");\n script_bugtraq_id(28444);\n\n script_name(english:\"SUSE SLES12 Security Update : openssh (SUSE-SU-2018:2685-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssh provides the following fixes :\n\nSecurity issues fixed 
:\n\nCVE-2017-15906: Stricter checking of operations in read-only mode in\nsftp server (bsc#1065000).\n\nCVE-2016-10012: Remove pre-auth compression support from the server to\nprevent possible cryptographic attacks (bsc#1016370).\n\nCVE-2008-1483: Refine handling of sockets for X11 forwarding to remove\nreintroduced CVE-2008-1483 (bsc#1069509).\n\nCVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence\nNEWKEYS message (bsc#1076957).\n\nBug fixes: bsc#1017099: Enable case-insensitive hostname matching.\n\nbsc#1023275: Add a new switch for printing diagnostic messages in sftp\nclient's batch mode.\n\nbsc#1048367: systemd integration to work around various race\nconditions.\n\nbsc#1053972: Remove duplicate KEX method.\n\nbsc#1092582: Add missing piece of systemd integration.\n\nRemove the limit on the amount of tasks sshd can run.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2008-1483/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10012/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10708/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15906/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182685-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a57860a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1876=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1876=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-1876=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-askpass-gnome-6.6p1-54.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-askpass-gnome-debuginfo-6.6p1-54.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-debuginfo-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-debugsource-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-fips-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-helpers-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssh-helpers-debuginfo-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-askpass-gnome-6.6p1-54.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-askpass-gnome-debuginfo-6.6p1-54.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-debuginfo-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-debugsource-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", 
sp:\"0\", reference:\"openssh-fips-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-helpers-6.6p1-54.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-helpers-debuginfo-6.6p1-54.15.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-18T19:32:47", "description": "This update for openssh fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability.\n(bsc#1106163)\n\nCVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726)\n\nCVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957)\n\nCVE-2018-15473: OpenSSH was prone to a user existence oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010)\n\nCVE-2016-10012: Removed pre-auth compression support from the server to prevent possible cryptographic attacks. 
(bsc#1016370)\n\nBugs fixed: Fixed failing 'AuthorizedKeysCommand' within a 'Match User' block in sshd_config (bsc#1105180)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-30T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3540-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10012", "CVE-2016-10708", "CVE-2017-15906", "CVE-2018-15473", "CVE-2018-15919"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-3540-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118498", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3540-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118498);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10012\", \"CVE-2016-10708\", \"CVE-2017-15906\", \"CVE-2018-15473\", \"CVE-2018-15919\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3540-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for 
openssh fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15919: Remotely observable behaviour in auth-gss2.c in\nOpenSSH could be used by remote attackers to detect existence of users\non a target system when GSS2 is in use. OpenSSH developers do not want\nto treat such a username enumeration (or 'oracle') as a vulnerability.\n(bsc#1106163)\n\nCVE-2017-15906: The process_open function in sftp-server.c in OpenSSH\ndid not properly prevent write operations in readonly mode, which\nallowed attackers to create zero-length files. (bsc#1065000,\nbsc#1106726)\n\nCVE-2016-10708: sshd allowed remote attackers to cause a denial of\nservice (NULL pointer dereference and daemon crash) via an\nout-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related\nto kex.c and packet.c. (bsc#1076957)\n\nCVE-2018-15473: OpenSSH was prone to a user existence oracle\nvulnerability due to not delaying bailout for an invalid\nauthenticating user until after the packet containing the request has\nbeen fully parsed, related to auth2-gss.c, auth2-hostbased.c, and\nauth2-pubkey.c. (bsc#1105010)\n\nCVE-2016-10012: Removed pre-auth compression support from the server\nto prevent possible cryptographic attacks. (bsc#1016370)\n\nBugs fixed: Fixed failing 'AuthorizedKeysCommand' within a 'Match\nUser' block in sshd_config (bsc#1105180)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10012/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10708/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15906/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15473/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15919/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183540-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf4c0b95\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 
11-SP3-LTSS:zypper in -t patch\nslessp3-openssh-13848=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-openssh-13848=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-openssh-13848=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-6.2p2-0.41.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-6.2p2-0.41.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-gnome-6.2p2-0.41.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:14:05", "description": "The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11169 advisory.\n\n - Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.\n (CVE-2016-10009)\n\n - sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. (CVE-2016-10010)\n\n - authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. 
(CVE-2016-10011)\n\n - The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. (CVE-2016-10012)\n\n - sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (CVE-2016-10708)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "Juniper Junos OS Multiple Vulnerabilities (JSA11169)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA11169.NASL", "href": "https://www.tenable.com/plugins/nessus/148681", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148681);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2016-10009\",\n \"CVE-2016-10010\",\n \"CVE-2016-10011\",\n \"CVE-2016-10012\",\n \"CVE-2016-10708\"\n );\n script_xref(name:\"JSA\", value:\"JSA11169\");\n\n script_name(english:\"Juniper Junos OS Multiple Vulnerabilities (JSA11169)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Junos OS installed on the 
remote host is affected by multiple vulnerabilities as referenced in the\nJSA11169 advisory.\n\n - Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote\n attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.\n (CVE-2016-10009)\n\n - sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets\n as root, which might allow local users to gain privileges via unspecified vectors, related to\n serverloop.c. (CVE-2016-10010)\n\n - authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer\n contents, which might allow local users to obtain sensitive private-key information by leveraging access\n to a privilege-separated child process. (CVE-2016-10011)\n\n - The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4\n does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain\n privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and\n m_zlib data structures. (CVE-2016-10012)\n\n - sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference\n and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c\n and packet.c. 
(CVE-2016-10708)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/JSA11169\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release referenced in Juniper advisory JSA11169\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10009\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-10012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude('junos.inc');\n\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\nvuln_ranges = [\n {'min_ver':'17.2', 'fixed_ver':'17.2R3-S4'},\n {'min_ver':'17.3', 'fixed_ver':'17.3R3-S8'},\n {'min_ver':'17.4', 'fixed_ver':'17.4R2-S9'},\n {'min_ver':'18.1', 'fixed_ver':'18.1R3-S13'},\n {'min_ver':'18.2', 'fixed_ver':'18.2R2-S7'},\n {'min_ver':'18.3', 'fixed_ver':'18.3R1-S7'},\n {'min_ver':'18.4', 'fixed_ver':'18.4R1-S7'},\n {'min_ver':'19.1', 'fixed_ver':'19.1R1-S4'}\n];\n\nfix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);\nif (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);\nreport = get_report(ver:ver, fix:fix);\nsecurity_report_v4(severity:SECURITY_HOLE, port:0, extra:report);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:16", "description": "The installed version of OpenSSH is 7.x prior to 7.4 and is affected by the following vulnerabilities :\n\n - A flaw exists in 'sshd(8)' that is triggered during the creation of forwarded Unix-domain sockets. This may allow a local attacker to potentially gain elevated privileges.\n - A flaw exists in the 'realloc()' function in 'sshd(8)' that is triggered when reading keys. This may allow a local attacker to gain access to potentially sensitive key material that is leaked by the system.\n - A flaw exists in 'ssh-agent(1)' that is triggered when invoking the PKCS#11 module during agent forwarding. This may allow a local attacker to potentially execute arbitrary code with elevated privileges.\n - A flaw exists in 'sshd(8)' that is triggered as bounds are not properly checked in pre-authentication compression support, while the shared memory manager may be inappropriately accessed. 
This may potentially allow a local attacker to gain elevated privileges.\n - A flaw exists in 'sshd(8)' that is triggered during the handling of a saturation of 'KEXINIT' messages. This may allow a remote attacker to cause a denial of service.\n - A flaw exists in 'sshd(8)' that is triggered during as address ranges for 'AllowUser' and 'DenyUsers' directives are not properly validated at configuration load time. This may allow a local attacker to potentially gain unintended access to restricted areas.\n - A flaw exists that allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-09T00:00:00", "type": "nessus", "title": "OpenSSH 7.x < 7.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708", "CVE-2016-10012", "CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011"], "modified": "2019-08-21T00:00:00", "cpe": ["cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*"], "id": "9855.PRM", "href": "https://www.tenable.com/plugins/nnm/9855", "sourceData": "Binary data 9855.prm", "cvss": {"score": 6.9, "vector": "CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-13T15:49:39", "description": "According to its banner, the version of OpenSSH running on the remote host is prior to 7.4. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in ssh-agent due to loading PKCS#11 modules from paths that are outside a trusted whitelist.\n A local attacker can exploit this, by using a crafted request to load hostile modules via agent forwarding, to execute arbitrary code. To exploit this vulnerability, the attacker would need to control the forwarded agent-socket (on the host running the sshd server) and the ability to write to the file system of the host running ssh-agent. 
(CVE-2016-10009)\n\n - A flaw exists in sshd due to creating forwarded Unix-domain sockets with 'root' privileges whenever privilege separation is disabled. A local attacker can exploit this to gain elevated privileges.\n (CVE-2016-10010)\n\n - An information disclosure vulnerability exists in sshd within the realloc() function due leakage of key material to privilege-separated child processes when reading keys. A local attacker can possibly exploit this to disclose sensitive key material. Note that no such leak has been observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users.\n (CVE-2016-10011)\n\n - A flaw exists in sshd within the shared memory manager used by pre-authenticating compression support due to a bounds check being elided by some optimizing compilers and due to the memory manager being incorrectly accessible when pre-authenticating compression is disabled. A local attacker can exploit this to gain elevated privileges. (CVE-2016-10012)\n\n - A denial of service vulnerability exists in sshd when handling KEXINIT messages. An unauthenticated, remote attacker can exploit this, by sending multiple KEXINIT messages, to consume up to 128MB per connection.\n\n - A flaw exists in sshd due to improper validation of address ranges by the AllowUser and DenyUsers directives at configuration load time. 
A local attacker can exploit this, via an invalid CIDR address range, to gain access to restricted areas.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "OpenSSH < 7.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708"], "modified": "2022-04-04T00:00:00", "cpe": ["cpe:/a:openbsd:openssh"], "id": "OPENSSH_74.NASL", "href": "https://www.tenable.com/plugins/nessus/96151", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96151);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/04\");\n\n script_cve_id(\n \"CVE-2016-10009\",\n \"CVE-2016-10010\",\n \"CVE-2016-10011\",\n \"CVE-2016-10012\",\n \"CVE-2016-10708\"\n );\n script_bugtraq_id(\n 94968,\n 94972,\n 94975,\n 94977\n );\n script_xref(name:\"EDB-ID\", value:\"40962\");\n\n script_name(english:\"OpenSSH < 7.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the OpenSSH banner version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The SSH server running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSH running on the remote\nhost is prior to 7.4. 
It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists in ssh-agent due to loading PKCS#11\n modules from paths that are outside a trusted whitelist.\n A local attacker can exploit this, by using a crafted\n request to load hostile modules via agent forwarding, to\n execute arbitrary code. To exploit this vulnerability,\n the attacker would need to control the forwarded\n agent-socket (on the host running the sshd server) and\n the ability to write to the file system of the host\n running ssh-agent. (CVE-2016-10009)\n\n - A flaw exists in sshd due to creating forwarded\n Unix-domain sockets with 'root' privileges whenever\n privilege separation is disabled. A local attacker can\n exploit this to gain elevated privileges.\n (CVE-2016-10010)\n\n - An information disclosure vulnerability exists in sshd\n within the realloc() function due leakage of key\n material to privilege-separated child processes when\n reading keys. A local attacker can possibly exploit this\n to disclose sensitive key material. Note that no such\n leak has been observed in practice for normal-sized\n keys, nor does a leak to the child processes directly\n expose key material to unprivileged users.\n (CVE-2016-10011)\n\n - A flaw exists in sshd within the shared memory manager\n used by pre-authenticating compression support due to a\n bounds check being elided by some optimizing compilers\n and due to the memory manager being incorrectly\n accessible when pre-authenticating compression is\n disabled. A local attacker can exploit this to gain\n elevated privileges. (CVE-2016-10012)\n\n - A denial of service vulnerability exists in sshd when\n handling KEXINIT messages. An unauthenticated, remote\n attacker can exploit this, by sending multiple KEXINIT\n messages, to consume up to 128MB per connection.\n\n - A flaw exists in sshd due to improper validation of\n address ranges by the AllowUser and DenyUsers\n directives at configuration load time. 
A local attacker\n can exploit this, via an invalid CIDR address range, to\n gain access to restricted areas.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssh.com/txt/release-7.4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSH version 7.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10009\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openbsd:openssh\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/ssh\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Ensure the port is open.\nport = get_service(svc:\"ssh\", exit_on_fail:TRUE);\n\n# Get banner for service.\nbanner = get_kb_item_or_exit(\"SSH/banner/\" + port);\n\nbp_banner = tolower(get_backport_banner(banner:banner));\nif (\"openssh\" >!< bp_banner)\n audit(AUDIT_NOT_LISTEN, \"OpenSSH\", port);\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\nif (backported)\n audit(code:0, AUDIT_BACKPORT_SERVICE, port, \"OpenSSH\");\n\n# Check the version in the backported banner.\nmatch = pregmatch(string:bp_banner, pattern:\"openssh[-_]([0-9][-._0-9a-z]+)\");\nif (isnull(match))\n audit(AUDIT_SERVICE_VER_FAIL, \"OpenSSH\", port);\nversion = match[1];\n\nfix = \"7.4\";\nif (\n version =~ \"^[0-6]\\.\" ||\n version =~ \"^7\\.[0-3]\"\n )\n{\n items = make_array(\"Version source\", banner,\n \"Installed version\", version,\n \"Fixed version\", fix);\n order = make_list(\"Version source\", \"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"OpenSSH\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-18T14:35:59", "description": "An update for openssh is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.\n\nThe following packages have been upgraded to a later upstream version:\nopenssh (7.4p1). (BZ#1341754)\n\nSecurity Fix(es) :\n\n* A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)\n\n* It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515)\n\n* It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009)\n\n* It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011)\n\n* It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. 
(CVE-2016-10012)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-02T00:00:00", "type": "nessus", "title": "RHEL 7 : openssh (RHSA-2017:2029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708", "CVE-2016-6210", "CVE-2016-6515"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssh", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass", "p-cpe:/a:redhat:enterprise_linux:openssh-cavs", "p-cpe:/a:redhat:enterprise_linux:openssh-clients", "p-cpe:/a:redhat:enterprise_linux:openssh-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssh-keycat", "p-cpe:/a:redhat:enterprise_linux:openssh-ldap", "p-cpe:/a:redhat:enterprise_linux:openssh-server", "p-cpe:/a:redhat:enterprise_linux:openssh-server-sysvinit", "p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-2029.NASL", "href": "https://www.tenable.com/plugins/nessus/102112", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2029. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102112);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-10708\", \"CVE-2016-6210\", \"CVE-2016-6515\");\n script_xref(name:\"RHSA\", value:\"2017:2029\");\n\n script_name(english:\"RHEL 7 : openssh (RHSA-2017:2029)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssh is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSH is an SSH protocol implementation supported by a number of\nLinux, UNIX, and similar operating systems. It includes the core files\nnecessary for both the OpenSSH client and server.\n\nThe following packages have been upgraded to a later upstream version:\nopenssh (7.4p1). (BZ#1341754)\n\nSecurity Fix(es) :\n\n* A covert timing channel flaw was found in the way OpenSSH handled\nauthentication of non-existent users. A remote unauthenticated\nattacker could possibly use this flaw to determine valid user names by\nmeasuring the timing of server responses. (CVE-2016-6210)\n\n* It was found that OpenSSH did not limit password lengths for\npassword authentication. A remote unauthenticated attacker could use\nthis flaw to temporarily trigger high CPU consumption in sshd by\nsending long passwords. (CVE-2016-6515)\n\n* It was found that ssh-agent could load PKCS#11 modules from\narbitrary paths. 
An attacker having control of the forwarded\nagent-socket on the server, and the ability to write to the filesystem\nof the client host, could use this flaw to execute arbitrary code with\nthe privileges of the user running ssh-agent. (CVE-2016-10009)\n\n* It was found that the host private key material could possibly leak\nto the privilege-separated child processes via re-allocated memory. An\nattacker able to compromise the privilege-separated process could\ntherefore obtain the leaked key information. (CVE-2016-10011)\n\n* It was found that the boundary checks in the code implementing\nsupport for pre-authentication compression could have been optimized\nout by certain compilers. An attacker able to compromise the\nprivilege-separated process could possibly use this flaw for further\nattacks against the privileged monitor process. (CVE-2016-10012)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2016-10708\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2029\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-askpass-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-askpass-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-cavs-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-cavs-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-clients-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-clients-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssh-debuginfo-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-keycat-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"openssh-keycat-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-ldap-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-ldap-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-server-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-server-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-server-sysvinit-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-server-sysvinit-7.4p1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"pam_ssh_agent_auth-0.10.3-1.11.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-cavs / openssh-clients / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-18T14:37:08", "description": "From Red Hat Security Advisory 2017:2029 :\n\nAn update for openssh is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.\n\nThe following packages have been upgraded to a later upstream version:\nopenssh (7.4p1). 
(BZ#1341754)\n\nSecurity Fix(es) :\n\n* A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)\n\n* It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515)\n\n* It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009)\n\n* It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011)\n\n* It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. 
(CVE-2016-10012)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : openssh (ELSA-2017-2029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708", "CVE-2016-6210", "CVE-2016-6515"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssh", "p-cpe:/a:oracle:linux:openssh-askpass", "p-cpe:/a:oracle:linux:openssh-cavs", "p-cpe:/a:oracle:linux:openssh-clients", "p-cpe:/a:oracle:linux:openssh-keycat", "p-cpe:/a:oracle:linux:openssh-ldap", "p-cpe:/a:oracle:linux:openssh-server", "p-cpe:/a:oracle:linux:openssh-server-sysvinit", "p-cpe:/a:oracle:linux:pam_ssh_agent_auth", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2029.NASL", "href": "https://www.tenable.com/plugins/nessus/102296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2029 and \n# Oracle Linux Security Advisory ELSA-2017-2029 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102296);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-10708\", \"CVE-2016-6210\", \"CVE-2016-6515\");\n script_xref(name:\"RHSA\", value:\"2017:2029\");\n\n script_name(english:\"Oracle Linux 7 : openssh (ELSA-2017-2029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is 
missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2029 :\n\nAn update for openssh is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSH is an SSH protocol implementation supported by a number of\nLinux, UNIX, and similar operating systems. It includes the core files\nnecessary for both the OpenSSH client and server.\n\nThe following packages have been upgraded to a later upstream version:\nopenssh (7.4p1). (BZ#1341754)\n\nSecurity Fix(es) :\n\n* A covert timing channel flaw was found in the way OpenSSH handled\nauthentication of non-existent users. A remote unauthenticated\nattacker could possibly use this flaw to determine valid user names by\nmeasuring the timing of server responses. (CVE-2016-6210)\n\n* It was found that OpenSSH did not limit password lengths for\npassword authentication. A remote unauthenticated attacker could use\nthis flaw to temporarily trigger high CPU consumption in sshd by\nsending long passwords. (CVE-2016-6515)\n\n* It was found that ssh-agent could load PKCS#11 modules from\narbitrary paths. An attacker having control of the forwarded\nagent-socket on the server, and the ability to write to the filesystem\nof the client host, could use this flaw to execute arbitrary code with\nthe privileges of the user running ssh-agent. (CVE-2016-10009)\n\n* It was found that the host private key material could possibly leak\nto the privilege-separated child processes via re-allocated memory. An\nattacker able to compromise the privilege-separated process could\ntherefore obtain the leaked key information. 
(CVE-2016-10011)\n\n* It was found that the boundary checks in the code implementing\nsupport for pre-authentication compression could have been optimized\nout by certain compilers. An attacker able to compromise the\nprivilege-separated process could possibly use this flaw for further\nattacks against the privileged monitor process. (CVE-2016-10012)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-August/007091.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:openssh-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-askpass-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-cavs-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-clients-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-keycat-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-ldap-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-server-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-server-sysvinit-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"pam_ssh_agent_auth-0.10.3-1.11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-cavs / openssh-clients / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-18T14:36:33", "description": "An update for openssh is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of 
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.\n\nThe following packages have been upgraded to a later upstream version:\nopenssh (7.4p1). (BZ#1341754)\n\nSecurity Fix(es) :\n\n* A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)\n\n* It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515)\n\n* It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009)\n\n* It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011)\n\n* It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. 
(CVE-2016-10012)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-25T00:00:00", "type": "nessus", "title": "CentOS 7 : openssh (CESA-2017:2029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708", "CVE-2016-6210", "CVE-2016-6515"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssh", "p-cpe:/a:centos:centos:openssh-askpass", "p-cpe:/a:centos:centos:openssh-cavs", "p-cpe:/a:centos:centos:openssh-clients", "p-cpe:/a:centos:centos:openssh-keycat", "p-cpe:/a:centos:centos:openssh-ldap", "p-cpe:/a:centos:centos:openssh-server", "p-cpe:/a:centos:centos:openssh-server-sysvinit", "p-cpe:/a:centos:centos:pam_ssh_agent_auth", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-2029.NASL", "href": "https://www.tenable.com/plugins/nessus/102751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2029 and \n# CentOS Errata and Security Advisory 2017:2029 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102751);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-10708\", \"CVE-2016-6210\", \"CVE-2016-6515\");\n script_xref(name:\"RHSA\", value:\"2017:2029\");\n\n script_name(english:\"CentOS 7 : openssh (CESA-2017:2029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or 
more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssh is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSH is an SSH protocol implementation supported by a number of\nLinux, UNIX, and similar operating systems. It includes the core files\nnecessary for both the OpenSSH client and server.\n\nThe following packages have been upgraded to a later upstream version:\nopenssh (7.4p1). (BZ#1341754)\n\nSecurity Fix(es) :\n\n* A covert timing channel flaw was found in the way OpenSSH handled\nauthentication of non-existent users. A remote unauthenticated\nattacker could possibly use this flaw to determine valid user names by\nmeasuring the timing of server responses. (CVE-2016-6210)\n\n* It was found that OpenSSH did not limit password lengths for\npassword authentication. A remote unauthenticated attacker could use\nthis flaw to temporarily trigger high CPU consumption in sshd by\nsending long passwords. (CVE-2016-6515)\n\n* It was found that ssh-agent could load PKCS#11 modules from\narbitrary paths. An attacker having control of the forwarded\nagent-socket on the server, and the ability to write to the filesystem\nof the client host, could use this flaw to execute arbitrary code with\nthe privileges of the user running ssh-agent. (CVE-2016-10009)\n\n* It was found that the host private key material could possibly leak\nto the privilege-separated child processes via re-allocated memory. An\nattacker able to compromise the privilege-separated process could\ntherefore obtain the leaked key information. 
(CVE-2016-10011)\n\n* It was found that the boundary checks in the code implementing\nsupport for pre-authentication compression could have been optimized\nout by certain compilers. An attacker able to compromise the\nprivilege-separated process could possibly use this flaw for further\nattacks against the privileged monitor process. (CVE-2016-10012)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004417.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ff4711b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6515\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssh-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssh-askpass-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssh-cavs-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssh-clients-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssh-keycat-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssh-ldap-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssh-server-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssh-server-sysvinit-7.4p1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"pam_ssh_agent_auth-0.10.3-1.11.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() 
+ cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-cavs / openssh-clients / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2018-07-30T13:53:39", "description": "This update for openssh fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence\n NEWKEYS message (bsc#1076957).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2018-07-28T16:03:16", "type": "suse", "title": "Security update for openssh (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2018-07-28T16:03:16", "id": "OPENSUSE-SU-2018:2128-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00045.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-01-31T17:38:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-29T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openssh (openSUSE-SU-2018:2128-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851824", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851824", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the 
License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851824\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-29 05:59:13 +0200 (Sun, 29 Jul 2018)\");\n script_cve_id(\"CVE-2016-10708\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssh (openSUSE-SU-2018:2128-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssh'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssh fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence\n NEWKEYS message (bsc#1076957).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-765=1\");\n\n 
script_tag(name:\"affected\", value:\"openssh on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2128-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00045.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~7.2p2~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-askpass-gnome\", rpm:\"openssh-askpass-gnome~7.2p2~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-askpass-gnome-debuginfo\", rpm:\"openssh-askpass-gnome-debuginfo~7.2p2~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-cavs\", rpm:\"openssh-cavs~7.2p2~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-cavs-debuginfo\", rpm:\"openssh-cavs-debuginfo~7.2p2~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-debuginfo\", rpm:\"openssh-debuginfo~7.2p2~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-debugsource\", rpm:\"openssh-debugsource~7.2p2~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"openssh-fips\", rpm:\"openssh-fips~7.2p2~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-helpers\", rpm:\"openssh-helpers~7.2p2~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-helpers-debuginfo\", rpm:\"openssh-helpers-debuginfo~7.2p2~21.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:09:13", "description": "OpenSSH was found to be vulnerable to out of order NEWKEYS messages\nwhich could crash the daemon, resulting in a denial of service attack.", "cvss3": {}, "published": "2018-01-31T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for openssh (DLA-1257-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891257", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891257\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-10708\");\n script_name(\"Debian LTS: Security Advisory for openssh (DLA-1257-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 00:00:00 +0100 (Wed, 31 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"openssh on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1:6.0p1-4+deb7u7.\n\nWe recommend that you upgrade your openssh packages.\");\n\n script_tag(name:\"summary\", value:\"OpenSSH was found to be vulnerable to out of order NEWKEYS messages\nwhich could crash the daemon, resulting in a denial of service attack.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"openssh-client\", ver:\"1:6.0p1-4+deb7u7\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:6.0p1-4+deb7u7\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ssh\", ver:\"1:6.0p1-4+deb7u7\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ssh-askpass-gnome\", ver:\"1:6.0p1-4+deb7u7\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ssh-krb5\", ver:\"1:6.0p1-4+deb7u7\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:33:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2018-1068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181068", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1068\");\n script_version(\"2020-01-23T11:11:38+0000\");\n script_cve_id(\"CVE-2016-10708\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:11:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:11:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2018-1068)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1068\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1068\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssh' package(s) announced via the EulerOS-SA-2018-1068 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.(CVE-2016-10708)\");\n\n 
script_tag(name:\"affected\", value:\"'openssh' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.6.1p1~28.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-askpass\", rpm:\"openssh-askpass~6.6.1p1~28.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-clients\", rpm:\"openssh-clients~6.6.1p1~28.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-keycat\", rpm:\"openssh-keycat~6.6.1p1~28.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-server\", rpm:\"openssh-server~6.6.1p1~28.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:39:52", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2018-1069)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181069", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181069", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from 
the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1069\");\n script_version(\"2020-01-23T11:11:39+0000\");\n script_cve_id(\"CVE-2016-10708\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:11:39 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:11:39 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2018-1069)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1069\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1069\");\n\n script_tag(name:\"summary\", value:\"The remote 
host is missing an update for the Huawei EulerOS\n 'openssh' package(s) announced via the EulerOS-SA-2018-1069 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.(CVE-2016-10708)\");\n\n script_tag(name:\"affected\", value:\"'openssh' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.6.1p1~28.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-askpass\", rpm:\"openssh-askpass~6.6.1p1~28.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-clients\", rpm:\"openssh-clients~6.6.1p1~28.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-keycat\", rpm:\"openssh-keycat~6.6.1p1~28.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-server\", rpm:\"openssh-server~6.6.1p1~28.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:33:30", "description": "The remote 
host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2018-1254)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181254", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181254", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1254\");\n script_version(\"2020-01-23T11:19:05+0000\");\n script_cve_id(\"CVE-2016-10708\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:19:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:19:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2018-1254)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1254\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1254\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssh' package(s) announced via the EulerOS-SA-2018-1254 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.(CVE-2016-10708)\");\n\n script_tag(name:\"affected\", 
value:\"'openssh' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.6.1p1~25.4.h6\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-clients\", rpm:\"openssh-clients~6.6.1p1~25.4.h6\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-keycat\", rpm:\"openssh-keycat~6.6.1p1~25.4.h6\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-server\", rpm:\"openssh-server~6.6.1p1~25.4.h6\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:21", "description": "The remote host is missing an update for\nthe ", "cvss3": {}, "published": "2018-11-07T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssh USN-3809-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15473", "CVE-2016-10708"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843809", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843809", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3809_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for openssh USN-3809-1\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843809\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2016-10708\", \"CVE-2018-15473\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-07 06:02:39 +0100 (Wed, 07 Nov 2018)\");\n script_name(\"Ubuntu Update for openssh USN-3809-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3809-1\");\n script_xref(name:\"URL\", 
value:\"http://www.ubuntu.com/usn/usn-3809-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\nthe 'openssh' package(s) announced via the USN-3809-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version\nis present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Robert Swiecki discovered that OpenSSH\nincorrectly handled certain messages. An attacker could possibly use this issue\nto cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04\nLTS. (CVE-2016-10708)\n\nIt was discovered that OpenSSH incorrectly handled certain requests.\nAn attacker could possibly use this issue to access sensitive\ninformation. (CVE-2018-15473)\");\n\n script_tag(name:\"affected\", value:\"openssh on Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:6.6p1-2ubuntu2.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:7.6p1-4ubuntu0.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:7.2p2-4ubuntu2.6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": 
{"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:55", "description": "This host is installed with openssh and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-01-06T00:00:00", "type": "openvas", "title": "OpenSSH Multiple Vulnerabilities Jan17 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708", "CVE-2016-10011", "CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10012"], "modified": "2019-05-21T00:00:00", "id": "OPENVAS:1361412562310810325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810325", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# OpenSSH Multiple Vulnerabilities Jan17 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openbsd:openssh\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810325\");\n script_version(\"2019-05-21T12:48:06+0000\");\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10010\", \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-10708\");\n script_bugtraq_id(94968, 94972, 94977, 94975);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-21 12:48:06 +0000 (Tue, 21 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-06 10:55:34 +0530 (Fri, 06 Jan 2017)\");\n script_name(\"OpenSSH Multiple Vulnerabilities Jan17 (Windows)\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_openssh_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssh/detected\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.openssh.com/txt/release-7.4\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/12/19/2\");\n script_xref(name:\"URL\", value:\"http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html\");\n script_xref(name:\"URL\", value:\"https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737\");\n\n script_tag(name:\"summary\", value:\"This host is installed with openssh and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An 'authfile.c' script does not properly consider the effects of realloc\n on buffer contents.\n\n - The shared memory manager (associated with pre-authentication compression)\n does not ensure that a bounds check is enforced by all compilers.\n\n - The sshd in OpenSSH creates forwarded Unix-domain sockets as root, when\n privilege separation is not used.\n\n - An untrusted search path vulnerability in ssh-agent.c in ssh-agent.\n\n - NULL pointer dereference error due to an out-of-sequence NEWKEYS message.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allows\n local users to obtain sensitive private-key information, to gain privileges,\n conduct a denial-of-service condition and allows remote attackers to execute\n arbitrary local PKCS#11 modules.\");\n\n script_tag(name:\"affected\", value:\"OpenSSH versions before 7.4 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSH version 7.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"7.4\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"7.4\", install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:57", "description": "This host is installed with openssh and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-01-06T00:00:00", "type": "openvas", "title": "OpenSSH Multiple Vulnerabilities Jan17 
(Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10708", "CVE-2016-10011", "CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10012"], "modified": "2019-05-21T00:00:00", "id": "OPENVAS:13614125623108103256", "href": "http://plugins.openvas.org/nasl.php?oid=13614125623108103256", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# OpenSSH Multiple Vulnerabilities Jan17 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openbsd:openssh\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.8103256\");\n script_version(\"2019-05-21T12:48:06+0000\");\n script_cve_id(\"CVE-2016-10009\", \"CVE-2016-10010\", \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-10708\");\n script_bugtraq_id(94968, 94972, 94977, 94975);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-21 12:48:06 +0000 (Tue, 21 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-06 11:19:51 +0530 (Fri, 06 Jan 2017)\");\n script_name(\"OpenSSH Multiple Vulnerabilities Jan17 (Linux)\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_openssh_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssh/detected\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.openssh.com/txt/release-7.4\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/12/19/2\");\n script_xref(name:\"URL\", value:\"http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html\");\n script_xref(name:\"URL\", value:\"https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737\");\n\n script_tag(name:\"summary\", value:\"This host is installed with openssh and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An 'authfile.c' script does not properly consider the effects of realloc\n on buffer contents.\n\n - The shared memory manager (associated with pre-authentication compression)\n does not ensure that a bounds check is enforced by all compilers.\n\n - The sshd in OpenSSH creates forwarded Unix-domain sockets as root, when\n privilege separation is not used.\n\n - An untrusted search path vulnerability in ssh-agent.c in ssh-agent.\n\n - NULL pointer dereference error due to an out-of-sequence NEWKEYS message.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allows\n local users to obtain sensitive private-key information, to gain privileges,\n conduct a denial-of-service condition and allows remote attackers to execute\n arbitrary local PKCS#11 modules.\");\n\n script_tag(name:\"affected\", value:\"OpenSSH versions before 7.4 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSH version 7.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"7.4\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"7.4\", install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:09:27", "description": "Several vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol suite:\n\nCVE-2015-5352\n\nOpenSSH incorrectly verified time window deadlines for X 
connections.\nRemote attackers could take advantage of this flaw to bypass intended\naccess restrictions. Reported by Jann Horn.\n\nCVE-2015-5600\n\nOpenSSH improperly restricted the processing of keyboard-interactive\ndevices within a single connection, which could allow remote attackers\nto perform brute-force attacks or cause a denial of service, in a\nnon-default configuration.\n\nCVE-2015-6563\n\nOpenSSH incorrectly handled usernames during PAM authentication. In\nconjunction with an additional flaw in the OpenSSH unprivileged child\nprocess, remote attackers could make use if this issue to perform user\nimpersonation. Discovered by Moritz Jodeit.\n\nCVE-2015-6564\n\nMoritz Jodeit discovered a use-after-free flaw in PAM support in\nOpenSSH, that could be used by remote attackers to bypass\nauthentication or possibly execute arbitrary code.\n\nCVE-2016-1908\n\nOpenSSH mishandled untrusted X11 forwarding when the X server disables\nthe SECURITY extension. Untrusted connections could obtain trusted X11\nforwarding privileges. Reported by Thomas Hoger.\n\nCVE-2016-3115\n\nOpenSSH improperly handled X11 forwarding data related to\nauthentication credentials. Remote authenticated users could make use\nof this flaw to bypass intended shell-command restrictions. Identified\nby github.com/tintinweb.\n\nCVE-2016-6515\n\nOpenSSH did not limit password lengths for password authentication.\nRemote attackers could make use of this flaw to cause a denial of\nservice via long strings.\n\nCVE-2016-10009\n\nJann Horn discovered an untrusted search path vulnerability in\nssh-agent allowing remote attackers to execute arbitrary local\nPKCS#11 modules by leveraging control over a forwarded agent-socket.\n\nCVE-2016-10011\n\nJann Horn discovered that OpenSSH did not properly consider the\neffects of realloc on buffer contents. 
This may allow local users to\nobtain sensitive private-key information by leveraging access to a\nprivilege-separated child process.\n\nCVE-2016-10012\n\nGuido Vranken discovered that the OpenSSH shared memory manager\ndid not ensure that a bounds check was enforced by all compilers,\nwhich could allow local users to gain privileges by leveraging access\nto a sandboxed privilege-separation process.\n\nCVE-2016-10708\n\nNULL pointer dereference and daemon crash via an out-of-sequence\nNEWKEYS message.\n\nCVE-2017-15906\n\nMichal Zalewski reported that OpenSSH improperly prevent write\noperations in readonly mode, allowing attackers to create zero-length\nfiles.", "cvss3": {}, "published": "2018-09-10T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for openssh (DLA-1500-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2016-1908", "CVE-2016-10708", "CVE-2016-10011", "CVE-2015-6564", "CVE-2016-10009", "CVE-2016-6515", "CVE-2015-5352", "CVE-2016-3115", "CVE-2017-15906", "CVE-2016-10012", "CVE-2015-6563"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891500", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891500\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\", \"CVE-2016-10009\",\n \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-10708\", \"CVE-2016-1908\", \"CVE-2016-3115\",\n \"CVE-2016-6515\", \"CVE-2017-15906\");\n script_name(\"Debian LTS: Security Advisory for openssh (DLA-1500-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-10 00:00:00 +0200 (Mon, 10 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"openssh on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:6.7p1-5+deb8u6.\n\nWe recommend that you upgrade your openssh packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol 
suite:\n\nCVE-2015-5352\n\nOpenSSH incorrectly verified time window deadlines for X connections.\nRemote attackers could take advantage of this flaw to bypass intended\naccess restrictions. Reported by Jann Horn.\n\nCVE-2015-5600\n\nOpenSSH improperly restricted the processing of keyboard-interactive\ndevices within a single connection, which could allow remote attackers\nto perform brute-force attacks or cause a denial of service, in a\nnon-default configuration.\n\nCVE-2015-6563\n\nOpenSSH incorrectly handled usernames during PAM authentication. In\nconjunction with an additional flaw in the OpenSSH unprivileged child\nprocess, remote attackers could make use of this issue to perform user\nimpersonation. Discovered by Moritz Jodeit.\n\nCVE-2015-6564\n\nMoritz Jodeit discovered a use-after-free flaw in PAM support in\nOpenSSH, that could be used by remote attackers to bypass\nauthentication or possibly execute arbitrary code.\n\nCVE-2016-1908\n\nOpenSSH mishandled untrusted X11 forwarding when the X server disables\nthe SECURITY extension. Untrusted connections could obtain trusted X11\nforwarding privileges. Reported by Thomas Hoger.\n\nCVE-2016-3115\n\nOpenSSH improperly handled X11 forwarding data related to\nauthentication credentials. Remote authenticated users could make use\nof this flaw to bypass intended shell-command restrictions. Identified\nby github.com/tintinweb.\n\nCVE-2016-6515\n\nOpenSSH did not limit password lengths for password authentication.\nRemote attackers could make use of this flaw to cause a denial of\nservice via long strings.\n\nCVE-2016-10009\n\nJann Horn discovered an untrusted search path vulnerability in\nssh-agent allowing remote attackers to execute arbitrary local\nPKCS#11 modules by leveraging control over a forwarded agent-socket.\n\nCVE-2016-10011\n\nJann Horn discovered that OpenSSH did not properly consider the\neffects of realloc on buffer contents. 
This may allow local users to\nobtain sensitive private-key information by leveraging access to a\nprivilege-separated child process.\n\nCVE-2016-10012\n\nGuido Vranken discovered that the OpenSSH shared memory manager\ndid not ensure that a bounds check was enforced by all compilers,\nwhich could allow local users to gain privileges by leveraging access\nto a sandboxed privilege-separation process.\n\nCVE-2016-10708\n\nNULL pointer dereference and daemon crash via an out-of-sequence\nNEWKEYS message.\n\nCVE-2017-15906\n\nMichal Zalewski reported that OpenSSH improperly prevented write\noperations in readonly mode, allowing attackers to create zero-length\nfiles.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"openssh-client\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssh-sftp-server\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ssh\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ssh-askpass-gnome\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ssh-krb5\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "debian": [{"lastseen": "2022-01-04T16:09:32", "description": "Package : openssh\nVersion : 1:6.0p1-4+deb7u7\nCVE ID : CVE-2016-10708\n\nOpenSSH was found to be vulnerable to out of order NEWKEYS messages\nwhich could crash 
the daemon, resulting in a denial of service attack.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:6.0p1-4+deb7u7.\n\nWe recommend that you upgrade your openssh packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-26T21:13:11", "type": "debian", "title": "[SECURITY] [DLA 1257-1] openssh security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10708"], "modified": "2018-01-26T21:13:11", "id": "DEBIAN:DLA-1257-1:E0ED4", "href": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-18T21:32:16", "description": "Package : openssh\nVersion : 1:6.7p1-5+deb8u6\nCVE ID : CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564\n CVE-2016-1908 CVE-2016-3115 CVE-2016-6515 CVE-2016-10009\n CVE-2016-10011 CVE-2016-10012 
CVE-2016-10708\n CVE-2017-15906\nDebian Bug : 790798 793616 795711 848716 848717\n\n\nSeveral vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol suite:\n\nCVE-2015-5352\n\n OpenSSH incorrectly verified time window deadlines for X connections.\n Remote attackers could take advantage of this flaw to bypass intended\n access restrictions. Reported by Jann Horn.\n\nCVE-2015-5600\n\n OpenSSH improperly restricted the processing of keyboard-interactive\n devices within a single connection, which could allow remote attackers\n to perform brute-force attacks or cause a denial of service, in a\n non-default configuration.\n\nCVE-2015-6563\n\n OpenSSH incorrectly handled usernames during PAM authentication. In\n conjunction with an additional flaw in the OpenSSH unprivileged child\n process, remote attackers could make use of this issue to perform user\n impersonation. Discovered by Moritz Jodeit.\n\nCVE-2015-6564\n\n Moritz Jodeit discovered a use-after-free flaw in PAM support in\n OpenSSH, that could be used by remote attackers to bypass\n authentication or possibly execute arbitrary code.\n\nCVE-2016-1908\n\n OpenSSH mishandled untrusted X11 forwarding when the X server disables\n the SECURITY extension. Untrusted connections could obtain trusted X11\n forwarding privileges. Reported by Thomas Hoger.\n\nCVE-2016-3115\n\n OpenSSH improperly handled X11 forwarding data related to\n authentication credentials. Remote authenticated users could make use\n of this flaw to bypass intended shell-command restrictions. 
Identified\n by github.com/tintinweb.\n\nCVE-2016-6515\n\n OpenSSH did not limit password lengths for password authentication.\n Remote attackers could make use of this flaw to cause a denial of\n service via long strings.\n\nCVE-2016-10009\n\n Jann Horn discovered an untrusted search path vulnerability in\n ssh-agent allowing remote attackers to execute arbitrary local\n PKCS#11 modules by leveraging control over a forwarded agent-socket.\n\nCVE-2016-10011\n\n Jann Horn discovered that OpenSSH did not properly consider the\n effects of realloc on buffer contents. This may allow local users to\n obtain sensitive private-key information by leveraging access to a\n privilege-separated child process.\n\nCVE-2016-10012\n\n Guido Vranken discovered that the OpenSSH shared memory manager\n did not ensure that a bounds check was enforced by all compilers,\n which could allow local users to gain privileges by leveraging access\n to a sandboxed privilege-separation process.\n\nCVE-2016-10708\n\n NULL pointer dereference and daemon crash via an out-of-sequence\n NEWKEYS message.\n\nCVE-2017-15906\n\n Michal Zalewski reported that OpenSSH improperly prevented write\n operations in readonly mode, allowing attackers to create zero-length\n files.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:6.7p1-5+deb8u6.\n\nWe recommend that you upgrade your openssh packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-10T08:44:17", "type": "debian", "title": "[SECURITY] [DLA 1500-1] openssh security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564", "CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708", "CVE-2016-1908", "CVE-2016-3115", "CVE-2016-6515", "CVE-2017-15906"], "modified": "2018-09-10T08:44:17", "id": "DEBIAN:DLA-1500-1:E6BD7", "href": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "osv": [{"lastseen": "2022-08-05T05:18:08", "description": "\nOpenSSH was found to be vulnerable to out of order NEWKEYS messages\nwhich could crash the daemon, resulting in a denial of service attack.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n1:6.0p1-4+deb7u7.\n\n\nWe recommend that you upgrade your openssh packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-26T00:00:00", "type": "osv", "title": "openssh - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10708"], "modified": "2022-08-05T05:18:06", "id": "OSV:DLA-1257-1", "href": "https://osv.dev/vulnerability/DLA-1257-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-21T08:19:16", "description": "\nSeveral vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol suite:\n\n\n* [CVE-2015-5352](https://security-tracker.debian.org/tracker/CVE-2015-5352)\nOpenSSH incorrectly verified time window deadlines for X connections.\n Remote attackers could take advantage of this flaw to bypass intended\n access restrictions. Reported by Jann Horn.\n* [CVE-2015-5600](https://security-tracker.debian.org/tracker/CVE-2015-5600)\nOpenSSH improperly restricted the processing of keyboard-interactive\n devices within a single connection, which could allow remote attackers\n to perform brute-force attacks or cause a denial of service, in a\n non-default configuration.\n* [CVE-2015-6563](https://security-tracker.debian.org/tracker/CVE-2015-6563)\nOpenSSH incorrectly handled usernames during PAM authentication. In\n conjunction with an additional flaw in the OpenSSH unprivileged child\n process, remote attackers could make use of this issue to perform user\n impersonation. 
Discovered by Moritz Jodeit.\n* [CVE-2015-6564](https://security-tracker.debian.org/tracker/CVE-2015-6564)\nMoritz Jodeit discovered a use-after-free flaw in PAM support in\n OpenSSH, that could be used by remote attackers to bypass\n authentication or possibly execute arbitrary code.\n* [CVE-2016-1908](https://security-tracker.debian.org/tracker/CVE-2016-1908)\nOpenSSH mishandled untrusted X11 forwarding when the X server disables\n the SECURITY extension. Untrusted connections could obtain trusted X11\n forwarding privileges. Reported by Thomas Hoger.\n* [CVE-2016-3115](https://security-tracker.debian.org/tracker/CVE-2016-3115)\nOpenSSH improperly handled X11 forwarding data related to\n authentication credentials. Remote authenticated users could make use\n of this flaw to bypass intended shell-command restrictions. Identified\n by github.com/tintinweb.\n* [CVE-2016-6515](https://security-tracker.debian.org/tracker/CVE-2016-6515)\nOpenSSH did not limit password lengths for password authentication.\n Remote attackers could make use of this flaw to cause a denial of\n service via long strings.\n* [CVE-2016-10009](https://security-tracker.debian.org/tracker/CVE-2016-10009)\nJann Horn discovered an untrusted search path vulnerability in\n ssh-agent allowing remote attackers to execute arbitrary local\n PKCS#11 modules by leveraging control over a forwarded agent-socket.\n* [CVE-2016-10011](https://security-tracker.debian.org/tracker/CVE-2016-10011)\nJann Horn discovered that OpenSSH did not properly consider the\n effects of realloc on buffer contents. 
This may allow local users to\n obtain sensitive private-key information by leveraging access to a\n privilege-separated child process.\n* [CVE-2016-10012](https://security-tracker.debian.org/tracker/CVE-2016-10012)\nGuido Vranken discovered that the OpenSSH shared memory manager\n did not ensure that a bounds check was enforced by all compilers,\n which could allow local users to gain privileges by leveraging access\n to a sandboxed privilege-separation process.\n* [CVE-2016-10708](https://security-tracker.debian.org/tracker/CVE-2016-10708)\nNULL pointer dereference and daemon crash via an out-of-sequence\n NEWKEYS message.\n* [CVE-2017-15906](https://security-tracker.debian.org/tracker/CVE-2017-15906)\nMichal Zalewski reported that OpenSSH improperly prevented write\n operations in readonly mode, allowing attackers to create zero-length\n files.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n1:6.7p1-5+deb8u6.\n\n\nWe recommend that you upgrade your openssh packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-10T00:00:00", "type": "osv", "title": "openssh - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", 
"integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564", "CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708", "CVE-2016-1908", "CVE-2016-3115", "CVE-2016-6515", "CVE-2017-15906"], "modified": "2022-07-21T05:52:17", "id": "OSV:DLA-1500-1", "href": "https://osv.dev/vulnerability/DLA-1500-1", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-21T08:19:12", "description": "\nSeveral vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol suite:\n\n\n* [CVE-2015-5352](https://security-tracker.debian.org/tracker/CVE-2015-5352)\nOpenSSH incorrectly verified time window deadlines for X connections.\n Remote attackers could take advantage of this flaw to bypass intended\n access restrictions. Reported by Jann Horn.\n* [CVE-2015-5600](https://security-tracker.debian.org/tracker/CVE-2015-5600)\nOpenSSH improperly restricted the processing of keyboard-interactive\n devices within a single connection, which could allow remote attackers\n to perform brute-force attacks or cause a denial of service, in a\n non-default configuration.\n* [CVE-2015-6563](https://security-tracker.debian.org/tracker/CVE-2015-6563)\nOpenSSH incorrectly handled usernames during PAM authentication. In\n conjunction with an additional flaw in the OpenSSH unprivileged child\n process, remote attackers could make use of this issue to perform user\n impersonation. 
Discovered by Moritz Jodeit.\n* [CVE-2015-6564](https://security-tracker.debian.org/tracker/CVE-2015-6564)\nMoritz Jodeit discovered a use-after-free flaw in PAM support in\n OpenSSH, that could be used by remote attackers to bypass\n authentication or possibly execute arbitrary code.\n* [CVE-2016-1908](https://security-tracker.debian.org/tracker/CVE-2016-1908)\nOpenSSH mishandled untrusted X11 forwarding when the X server disables\n the SECURITY extension. Untrusted connections could obtain trusted X11\n forwarding privileges. Reported by Thomas Hoger.\n* [CVE-2016-3115](https://security-tracker.debian.org/tracker/CVE-2016-3115)\nOpenSSH improperly handled X11 forwarding data related to\n authentication credentials. Remote authenticated users could make use\n of this flaw to bypass intended shell-command restrictions. Identified\n by github.com/tintinweb.\n* [CVE-2016-6515](https://security-tracker.debian.org/tracker/CVE-2016-6515)\nOpenSSH did not limit password lengths for password authentication.\n Remote attackers could make use of this flaw to cause a denial of\n service via long strings.\n* [CVE-2016-10009](https://security-tracker.debian.org/tracker/CVE-2016-10009)\nJann Horn discovered an untrusted search path vulnerability in\n ssh-agent allowing remote attackers to execute arbitrary local\n PKCS#11 modules by leveraging control over a forwarded agent-socket.\n* [CVE-2016-10011](https://security-tracker.debian.org/tracker/CVE-2016-10011)\nJann Horn discovered that OpenSSH did not properly consider the\n effects of realloc on buffer contents. 
This may allow local users to\n obtain sensitive private-key information by leveraging access to a\n privilege-separated child process.\n* [CVE-2016-10012](https://security-tracker.debian.org/tracker/CVE-2016-10012)\nGuido Vranken discovered that the OpenSSH shared memory manager\n did not ensure that a bounds check was enforced by all compilers,\n which could allow local users to gain privileges by leveraging access\n to a sandboxed privilege-separation process.\n* [CVE-2016-10708](https://security-tracker.debian.org/tracker/CVE-2016-10708)\nNULL pointer dereference and daemon crash via an out-of-sequence\n NEWKEYS message.\n* [CVE-2017-15906](https://security-tracker.debian.org/tracker/CVE-2017-15906)\nMichal Zalewski reported that OpenSSH improperly prevented write\n operations in readonly mode, allowing attackers to create zero-length\n files.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n1:6.7p1-5+deb8u6.\n\n\nWe recommend that you upgrade your openssh packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-10T00:00:00", "type": "osv", "title": "openssh - regression update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", 
"integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564", "CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708", "CVE-2016-1908", "CVE-2016-3115", "CVE-2016-6515", "CVE-2017-15906"], "modified": "2022-07-21T05:52:17", "id": "OSV:DLA-1500-2", "href": "https://osv.dev/vulnerability/DLA-1500-2", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "redhatcve": [{"lastseen": "2022-07-07T08:07:53", "description": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-10T04:49:30", "type": "redhatcve", "title": "CVE-2016-10708", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10708"], "modified": "2022-07-07T07:43:11", 
"id": "RH:CVE-2016-10708", "href": "https://access.redhat.com/security/cve/cve-2016-10708", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:53:00", "description": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of\nservice (NULL pointer dereference and daemon crash) via an out-of-sequence\nNEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and\npacket.c.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | rated low as issue only allows crashing the per-connection process, not the main daemon.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-10708", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10708"], "modified": "2018-01-21T00:00:00", "id": "UB:CVE-2016-10708", "href": "https://ubuntu.com/security/CVE-2016-10708", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-07-09T17:35:01", "description": "sshd in OpenSSH before 7.4 allows remote attackers to cause a 
denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-21T22:29:00", "type": "debiancve", "title": "CVE-2016-10708", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10708"], "modified": "2018-01-21T22:29:00", "id": "DEBIANCVE:CVE-2016-10708", "href": "https://security-tracker.debian.org/tracker/CVE-2016-10708", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T10:43:01", "description": "USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 \nwas incomplete and could introduce a regression in certain environments. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nRobert Swiecki discovered that OpenSSH incorrectly handled certain messages. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. 
\n(CVE-2016-10708)\n\nIt was discovered that OpenSSH incorrectly handled certain requests. \nAn attacker could possibly use this issue to access sensitive information. \n(CVE-2018-15473)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2021-08-12T00:00:00", "type": "ubuntu", "title": "OpenSSH regression", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15473", "CVE-2016-10708"], "modified": "2021-08-12T00:00:00", "id": "USN-3809-2", "href": "https://ubuntu.com/security/notices/USN-3809-2", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-04T11:51:39", "description": "Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n(CVE-2016-10708)\n\nIt was discovered that OpenSSH incorrectly handled certain requests. \nAn attacker could possibly use this issue to access sensitive information. 
\n(CVE-2018-15473)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-06T00:00:00", "type": "ubuntu", "title": "OpenSSH vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15473", "CVE-2016-10708"], "modified": "2018-11-06T00:00:00", "id": "USN-3809-1", "href": "https://ubuntu.com/security/notices/USN-3809-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2021-09-08T07:37:41", "description": "## Severity\n\nUnknown\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nUSN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nRobert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. 
(CVE-2016-10708)\n\nIt was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473)\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is unknown unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.24\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.252.0\n * CF Deployment \n * All versions prior to 16.23.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.24 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.252.0 or greater\n * CF Deployment \n * Upgrade all versions to 16.23.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/3809-2/>)\n\n## History\n\n2021-09-07: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2021-09-07T00:00:00", "type": "cloudfoundry", "title": "USN-3809-2: OpenSSH regression | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10708", "CVE-2018-15473"], "modified": "2021-09-07T00:00:00", "id": "CFOUNDRY:33A5CFE90CB8A153586AFE5BB43A3BBD", "href": "https://www.cloudfoundry.org/blog/usn-3809-2-openssh-regression/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:54", "description": "# \n\n# Severity\n\nLow\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nRobert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708)\n\nIt was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. 
(CVE-2018-15473)\n\nCVEs contained in this USN include: CVE-2016-10708, CVE-2018-15473\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.56\n * 3541.x versions prior to 3541.60\n * 3468.x versions prior to 3468.86\n * 3445.x versions prior to 3445.82\n * 3421.x versions prior to 3421.99\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 170.x versions prior to 170.6\n * 97.x versions prior to 97.33\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.247.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.36.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.56\n * Upgrade 3541.x versions to 3541.60\n * Upgrade 3468.x versions to 3468.86\n * Upgrade 3445.x versions to 3445.82\n * Upgrade 3421.x versions to 3421.99\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 170.x versions to 170.6\n * Upgrade 97.x versions to 97.33\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.247.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.36.0 or later.\n\n# References\n\n * [USN-3809-1](<https://usn.ubuntu.com/3809-1>)\n * [CVE-2016-10708](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10708>)\n * 
[CVE-2018-15473](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15473>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-20T00:00:00", "type": "cloudfoundry", "title": "USN-3809-1: OpenSSH vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15473", "CVE-2016-10708"], "modified": "2018-11-20T00:00:00", "id": "CFOUNDRY:AD75AE1BC6EAF1FB6EA7CEC33AAA7C78", "href": "https://www.cloudfoundry.org/blog/usn-3809-1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudlinux": [{"lastseen": "2022-07-11T18:14:41", "description": "\n- CVE-2016-10708: fix crash in packet handling code by moving inbound NEWKEYS\n handling to kex layer\n- CVE-2016-10012: abandon the fix due to compression mode issues", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-11T17:47:12", "type": "cloudlinux", "title": "Fixed CVEs in openssh-5.3p1: CVE-2016-10708, CVE-2016-10012", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10012", "CVE-2016-10708"], "modified": "2022-07-11T17:47:12", "id": "CLSA-2022:1657561632", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2022-01-12T03:29:04", "description": "### SUMMARY\n\nSymantec Network Protection products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can obtain usernames for valid SSH users and cause denial of service through application crashes.\n\n \n\n### AFFECTED PRODUCTS \n\nAdvanced Secure Gateway (ASG) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708, CVE-2018-15473 | 6.6 | Upgrade to 6.6.5.18. \n6.7 | Upgrade to 6.7.4.2. \n \n \n\nCacheFlow (CF) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708, CVE-2018-15473 | 3.4 | A fix will not be provided. Please switch to a version of ProxySG MACH5 Edition with fixes. \n \n \n\nContent Analysis (CA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708, CVE-2018-15473 | 1.3 | Upgrade to later version with fixes. 
\n2.1 and later | Not vulnerable \n \n \n\nDirector \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nAll CVEs | 6.1 | Upgrade to a version of MC with the fixes. \n \n \n\nMail Threat Defense (MTD) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708, CVE-2018-15473 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\nMalware Analysis (MA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708, CVE-2018-15473 | 4.2 | Upgrade to a version of Content Analysis with fixes. \n \n \n\nManagement Center (MC) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708, CVE-2018-15473 | 2.0, 2.3, 2.4, 3.0 | Upgrade to later release with fixes. \n3.1 | Not vulnerable, fixed in 3.1.1.1 \n \n \n\nPacketShaper (PS) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708 | 9.2 | A fix will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper. Switch to a version of SSG with the vulnerability fixes. \n \n \n\nPacketShaper (PS) S-Series \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708, CVE-2018-15473 | 11.6, 11.9, 11.10 | A fix will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes. \n \n \n\nPolicyCenter (PC) S-Series \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708, CVE-2018-15473 | 1.1 | A fix will not be provided. Allot NetXplorer is a replacement product for PC S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n \n \n\nProxySG \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708, CVE-2018-15473 | 6.5 | Upgrade to 6.5.10.15. \n6.6 | Upgrade to 6.6.5.18. \n6.7 | Upgrade to 6.7.4.2. 
\n7.1 and later | Not vulnerable, fixed in 7.1.1.1 \n \n \n\nReporter \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708 | 9.5 | Not vulnerable \n10.1, 10.2 | Upgrade to later release with fixes. \n10.3 and later | Not vulnerable, fixed in 10.3.1.1 \nCVE-2018-15473 | 9.5 | Not vulnerable \n10.1, 10.2, 10.3, 10.4 | Upgrade to later release with fixes. \n10.5, 10.6 | Not available at this time \n \n \n\nSecurity Analytics (SA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-15473 | 7.2, 7.3, 8.0 | Upgrade to later release with fixes. \n8.1 and later | Not vulnerable, fixed. \nCVE-2018-15919 | 7.2 | Not available at this time \n7.3, 8.0 | Upgrade to later release with fixes. \n8.1 | Upgrade to 8.1.3. \n8.2 and later | Not vulnerable, fixed in 8.2.1 \n \n \n\nSSL Visibility (SSLV) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nAll CVEs | 3.10 | Upgrade to later release with fixes. \n3.12 | Upgrade to later release with fixes. \n4.2 and later | Not vulnerable \n \n \n\nWeb Isolation (WI) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-15919 | 1.12 | Upgrade to later release with fixes. \n1.13, 1.14 | Not available at this time \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2016-10708, CVE-2018-15473 | 10.0, 11.0 | A fix will not be provided. 
\n \n \n\n### ADDITIONAL PRODUCT INFORMATION \n\nThe following products are not vulnerable: \n**AuthConnector \nBCAAA \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server** \n**General Auth Connector Login Application \nHSM Agent for the Luna SP \nIntelligenceCenter \nIntelligenceCenter Data Collector \nPolicyCenter \nProxyAV \nProxyAV ConLog and ConLogXP \nUnified Agent \nWSS Mobile Agent**\n\n### ISSUES\n\nCVE-2016-10708 \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 102780](<https://www.securityfocus.com/bid/102780>) / NVD: [CVE-2016-10708](<https://nvd.nist.gov/vuln/detail/CVE-2016-10708>) \n**Impact** | Denial of service \n**Description** | A flaw in SSH message handling allows a remote attacker to send out-of-sequence NEWKEYS messages and cause an application crash, resulting in denial of service. \n \n \n\nCVE-2018-15473 \n--- \n**Severity / CVSSv3** | Medium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n**References** | SecurityFocus: [BID 105140](<https://www.securityfocus.com/bid/105140>) / NVD: [CVE-2018-15473](<https://nvd.nist.gov/vuln/detail/CVE-2018-15473>) \n**Impact** | Information disclosure \n**Description** | A flaw in user authentication allows a remote attacker to discover usernames for valid users on the target. \n \n \n\nCVE-2018-15919 \n--- \n**Severity / CVSSv3** | Medium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n**References** | SecurityFocus: [BID 105163](<https://www.securityfocus.com/bid/105163>) / NVD: [CVE-2018-15919](<https://nvd.nist.gov/vuln/detail/CVE-2018-15919>) \n**Impact** | Information disclosure \n**Description** | A flaw in GSS2 handling allows a remote attacker to discover usernames for valid users on the target. 
\n \n \n\n### MITIGATION\n\nThese vulnerabilities can be exploited only through the management interfaces for all vulnerable products. Allowing only machines, IP addresses and subnets from a trusted network to access the management interface reduces the threat of exploiting the vulnerabilities.\n\n \n\n### REVISION\n\n2021-10-01 ProxySG 7.1 and later releases are not vulnerable because a fix is available in 7.1.1.1. \n2021-07-15 A fix for Security Analytics 7.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2021-06-01 A fix for MC 3.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2021-05-12 A fix for CVE-2018-15919 in SA 8.1 is available in 8.1.3. \n2021-02-18 A fix for MC 2.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2021-01-15 WI 1.14 is vulnerable to CVE-2018-15919. A fix is not available at this time. Fixes will not be provided for WI 1.12. Please upgrade to a later release with the vulnerability fixes. \n2021-01-12 A fix for SSLV 3.10 and SSLV 3.12 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-12-09 SA 8.2 is not vulnerable because a fix is available in 8.2.1. \n2020-11-30 MC 3.1 is not vulnerable because a fix is available in 3.1.1.1. \n2020-11-19 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-08-19 A fix for MC 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. 
\n2020-06-01 A fix for CacheFlow will not be provided. Please switch to a version of ProxySG MACH5 Edition with the vulnerability fixes. \n2020-04-05 A fix for Management Center 2.2 will not be provided. A fix for CVE-2018-15473 in Reporter 10.3 will not be provided. Please upgrade to later versions with the vulnerability fixes. Management Center 2.4 is vulnerable to CVE-2016-10708 and CVE-2018-15473. Reporter 10.5 is vulnerable to CVE-2018-15473. Security Analytics 8.1 is vulnerable to CVE-2018-15919. Security 8.1 is not vulnerable to CVE-2018-15473 because a fix is available in 8.1.1. \n2020-04-04 A fix for PacketShaper S-Series will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Switch to a version of SSG with the vulnerability fixes. A fix for PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n2020-01-19 A fix for Malware Analysis will not be provided. Upgrade to a version of Content Analysis with the vulnerability fixes. \n2019-10-07 WI 1.12 and 1.3 are vulnerable to CVE-2018-15919. A fix is not available at this time. \n2019-09-05 A fix for MC 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-08-30 It was previously reported that Reporter 10.3 is vulnerable to CVE-2018-15919. Reporter 10.3 is instead vulnerable to CVE-2018-15473. Reporter 10.4 is also vulnerable to CVE-2018-15473. \n2019-08-13 MC 2.2 and MC 2.3 are vulnerable to CVE-2016-10708 and CVE-2018-15473. A fix for MC 2.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-08-09 A fix for ProxySG 6.5 is available in 6.5.10.15. \n2019-08-09 A fix for ASG 6.6 and ProxySG 6.6 is available in 6.6.5.18. \n2019-08-06 A fix for Reporter 10.1 and 10.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. 
\n2019-02-04 A fix for CA 1.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-15 A fix for ASG 6.7 and ProxySG 6.7 is available in 6.7.4.2. \n2019-01-14 Reporter 10.3 is vulnerable to CVE-2018-15919. It is not vulnerable to CVE-2016-10708 because a fix is available in 10.3.1.1. \n2018-11-29 initial public release\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-29T08:01:01", "type": "symantec", "title": "OpenSSH Vulnerabilities Jan-Aug 2018", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10708", "CVE-2018-15473", "CVE-2018-15919"], "modified": "2022-01-10T20:08:22", "id": "SMNTC-1469", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2022-01-01T21:52:41", "description": "## Summary\n\nIBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in OpenSSH.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-15906](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906>) \n**DESCRIPTION:** OpenSSH is vulnerable to a denial of service, caused by an error 
in the process_open() function when in read-only mode. A remote authenticated attacker could exploit this vulnerability to create zero-length files and cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133128> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2016-10708](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708>) \n**DESCRIPTION:** OpenSSH is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted SSH2_MSG_NEWKEYS message, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117448> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-10012](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012>) \n**DESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by improper bounds checking in the shared memory manager. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119831> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2008-1483](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483>) \n**DESCRIPTION:** OpenSSH could allow a local authenticated attacker to hijack forwarded X11 sessions, caused by an error in sshd when setting the DISPLAY environment variable. By listening to the same port used to forward the X11 session, a local attacker could obtain the MIT-MAGIC-COOKIE and hijack other user's sessions. 
\nCVSS Base Score: 1.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/41438> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:S/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\n**Product **\n\n| \n\n**Affected Version ** \n \n---|--- \n \nIBM Flex System Chassis Management Module (CMM)\n\n| \n\n2PET \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\n**Product **\n\n| \n\n**Fix Version ** \n \n---|--- \n \nIBM Flex System Chassis Management Module (CMM) \n(ibm_fw_cmm_2pet16d-2.5.13d_anyos_noarch)\n\n| \n\n2pet16d-2.5.13d \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[Lenovo Product Security Advisories](<https://support.lenovo.com/us/en/product_security/home>)\n\n## Change History\n\n10 Oct 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Business Unit\":{\"code\":\"BU050\",\"label\":\"BU NOT IDENTIFIED\"},\"Product\":{\"code\":\"SSWLYD\",\"label\":\"PureFlex System & Flex System\"},\"Component\":\"IBM Flex System Chassis Management Module (CMM)\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-10T22:15:01", "type": "ibm", "title": "Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, 
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1483", "CVE-2016-10012", "CVE-2016-10708", "CVE-2017-15906"], "modified": "2018-10-10T22:15:01", "id": "658E8F61B8BDFC2CE2BE44C008D591874CE5C4233BE8F27530A80E3BE7F49AC9", "href": "https://www.ibm.com/support/pages/node/734739", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:11:36", "description": "## Summary\n\nIBM Integrated Management Module II (IMM2) has addressed the following vulnerabilities in OpenSSH. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-15473](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473>) \n**DESCRIPTION:** OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid authentication attempts. By sending a specially crafted request, an attacker could exploit this vulnerability to enumerate valid usernames. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-15906](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906>) \n**DESCRIPTION:** OpenSSH is vulnerable to a denial of service, caused by an error in the process_open() function when in read-only mode. A remote authenticated attacker could exploit this vulnerability to create zero-length files and cause a denial of service. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133128> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2016-10708](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708>) \n**DESCRIPTION:** OpenSSH is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted SSH2_MSG_NEWKEYS message, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117448> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-10012](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012>) \n**DESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by improper bounds checking in the shared memory manager. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119831> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2008-1483](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483>) \n**DESCRIPTION:** OpenSSH could allow a local authenticated attacker to hijack forwarded X11 sessions, caused by an error in sshd when setting the DISPLAY environment variable. By listening to the same port used to forward the X11 session, a local attacker could obtain the MIT-MAGIC-COOKIE and hijack other user's sessions. 
\nCVSS Base Score: 1.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/41438> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:S/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\n**Product** | **Affected Version**\n---|---\nIBM Integrated Management Module II (IMM2) for System x & Flex Systems | 1AOO\nIBM Integrated Management Module II (IMM2) for BladeCenter Systems | 1AOO\n\n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: [http://www.ibm.com/support/fixcentral/](<http://www.ibm.com/support/fixcentral/>)\n\n**Product** | **Fix Version**\n---|---\nIBM Integrated Management Module II (IMM2) for System x & Flex Systems (ibm_fw_imm2_1aoo86d-7.00_anyos_noarch) | 1AOO86D-7.00\nIBM Integrated Management Module II (IMM2) for BladeCenter Systems (ibm_fw_imm2_1aoo86d-7.00-bc_anyos_noarch) | 1AOO86D-7.00-bc\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[Lenovo Product Security Advisories](<https://support.lenovo.com/us/en/product_security/home>)\n\n## Change History\n\n16 October 2018: Original Version Published \n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-16T18:00:01", "type": "ibm", "title": "Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in OpenSSH", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1483", "CVE-2016-10012", "CVE-2016-10708", "CVE-2017-15906", "CVE-2018-15473"], "modified": "2018-10-16T18:00:01", "id": "21CA141F5B91FE49B1F75D8D6B65BC931C921F701DD5879FF0FA176FE14B2F44", "href": "https://www.ibm.com/support/pages/node/735379", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:11:26", "description": "## Summary\n\nIBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in OpenSSH.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-15919](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15919>) \n**DESCRIPTION:** OpenSSH could allow a remote attacker to obtain sensitive information, caused by an error in auth-gss2.c when GSS2 is in use. By sending a specially crafted request, an attacker could exploit this vulnerability to enumerate valid usernames. Note: The discoverer has stated that the OpenSSH developers do not want to treat such a username enumeration as a vulnerability. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-15473](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473>) \n**DESCRIPTION:** OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid authentication attempts. By sending a specially crafted request, an attacker could exploit this vulnerability to enumerate valid usernames. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-15906](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906>) \n**DESCRIPTION:** OpenSSH is vulnerable to a denial of service, caused by an error in the process_open() function when in read-only mode. A remote authenticated attacker could exploit this vulnerability to create zero-length files and cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133128> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2016-10708](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708>) \n**DESCRIPTION:** OpenSSH is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted SSH2_MSG_NEWKEYS message, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117448> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-10012](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012>) \n**DESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by improper bounds checking in the shared memory manager. An attacker could exploit this vulnerability to gain elevated privileges on the system. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119831> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2008-1483](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483>) \n**DESCRIPTION:** OpenSSH could allow a local authenticated attacker to hijack forwarded X11 sessions, caused by an error in sshd when setting the DISPLAY environment variable. By listening to the same port used to forward the X11 session, a local attacker could obtain the MIT-MAGIC-COOKIE and hijack other users' sessions. \nCVSS Base Score: 1.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/41438> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:S/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\n**Product** | **Affected Version**\n---|---\nIBM Dynamic System Analysis (DSA) Preboot | 9.6\n\n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\n**Product** | **Fix Version**\n---|---\nIBM Dynamic System Analysis (DSA) Preboot (ibm_fw_dsa_dsyte2z-9.65_anyos_32-64) | dsyte2z-9.65\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" 
)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[Lenovo Product Security Advisories](<https://support.lenovo.com/us/en/product_security/home>)\n\n## Change History\n\n23 April 2019: Initial version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. 
Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-23T18:30:01", "type": "ibm", "title": "Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSH", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": 
"COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1483", "CVE-2016-10012", "CVE-2016-10708", "CVE-2017-15906", "CVE-2018-15473", "CVE-2018-15919"], "modified": "2019-04-23T18:30:01", "id": "38077FEB135B7DF153D2B6FC98C852CF7ECEF94ECFBBF17859616B95FD0AC26A", "href": "https://www.ibm.com/support/pages/node/874464", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:44:59", "description": "OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.\n\nThe following packages have been upgraded to a later upstream version: openssh (7.4p1). (BZ#1341754)\n\nSecurity Fix(es):\n\n* A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)\n\n* It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515)\n\n* It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009)\n\n* It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. 
An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011)\n\n* It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. (CVE-2016-10012)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-01T05:57:17", "type": "redhat", "title": "(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708", "CVE-2016-6210", "CVE-2016-6515"], "modified": "2018-04-11T23:33:13", "id": "RHSA-2017:2029", "href": "https://access.redhat.com/errata/RHSA-2017:2029", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": 
[{"lastseen": "2022-02-27T16:06:09", "description": "**CentOS Errata and Security Advisory** CESA-2017:2029\n\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.\n\nThe following packages have been upgraded to a later upstream version: openssh (7.4p1). (BZ#1341754)\n\nSecurity Fix(es):\n\n* A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)\n\n* It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515)\n\n* It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009)\n\n* It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011)\n\n* It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. 
(CVE-2016-10012)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2017-August/017307.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-cavs\nopenssh-clients\nopenssh-keycat\nopenssh-ldap\nopenssh-server\nopenssh-server-sysvinit\npam_ssh_agent_auth\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:2029", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-24T01:40:16", "type": "centos", "title": "openssh, pam_ssh_agent_auth security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708", "CVE-2016-6210", "CVE-2016-6515"], "modified": "2017-08-24T01:40:16", "id": "CESA-2017:2029", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2017-August/017307.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}