Jan 19, 2017 - 12:00 a.m.

K57304814 : OpenSSH vulnerability CVE-2016-8858

my.f5.com
CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.4 High
Confidence: High

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.81 High
Percentile: 98.1%

Security Advisory Description

DISPUTED: The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." (CVE-2016-8858)

Impact

An unauthenticated, remote attacker can exploit this, by sending multiple KEXINIT messages, to consume up to 128 MB per connection. The LineRate system default MaxSessions option in the sshd_config configuration file is 10, which limits the impact of this vulnerability to approximately 1 GB of memory consumed. This vulnerability should only be a concern for very small LineRate deployments.
