## Summary
A security vulnerability has been discovered in OpenSSH used with IBM Security Network Intrusion Prevention System.
## Vulnerability Details
**CVEID:** [_CVE-2015-5600_](<https://vulners.com/cve/CVE-2015-5600>)
**DESCRIPTION:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. An attacker could exploit this vulnerability using brute-force techniques to crack the victim's password.
CVSS Base Score: 4
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104877_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104877>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
## Affected Products and Versions
Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3
## Remediation/Fixes
_Product_ | _VRMF_ | _Remediation/First Fix_
---|---|---
IBM Security Network Intrusion Prevention System | Firmware version 4.6.2| [_4.6.2.0-ISS-ProvG-AllModels-System-FP0011_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.6.1| [_4.6.1.0-ISS-ProvG-AllModels-System-FP0015_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.6| [_4.6.0.0-ISS-ProvG-AllModels-System-FP0013_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.5| [_4.5.0.0-ISS-ProvG-AllModels-System-FP0015_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.4| [_4.4.0.0-ISS-ProvG-AllModels-System-FP0015_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.3| [_4.3.0.0-ISS-ProvG-AllModels-System-FP0013_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
## Workarounds and Mitigations
None
##
{"checkpoint_advisories": [{"lastseen": "2021-12-17T15:52:10", "description": "A policy bypass vulnerability exists in OpenSSH. The vulnerability is due to a flaw in the kbdint_next_device function. An unauthorized, remote attacker can exploit this vulnerability causing the vulnerable server to try the authentication method an arbitrary number of times, effectively allowing the attacker to perform a brute force attack.", "cvss3": {}, "published": "2016-09-28T00:00:00", "type": "checkpoint_advisories", "title": "OpenSSH kbdint_next_device Policy Bypass (CVE-2015-5600)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2016-09-28T00:00:00", "id": "CPAI-2015-1194", "href": "", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "ibm": [{"lastseen": "2023-02-21T21:53:35", "description": "## Summary\n\nA security vulnerability has been identified in openssh that is contained in the IBM Flex System Manager (FSM). This bulletin addresses the vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5600_](<https://vulners.com/cve/CVE-2015-5600>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. An attacker could exploit this vulnerability using brute-force techniques to crack the victim's password. 
\nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104877_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104877>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.x \nFlex System Manager 1.3.3.x \nFlex System Manager 1.3.2.x \nFlex System Manager 1.3.1.x \nFlex System Manager 1.3.0.x \nFlex System Manager 1.2.x.x \nFlex System Manager 1.1.x.x\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. \n \n**Warning**: Agents older than version 6.3.5 must be updated using the Technote listed in these Remediation plans before this FSM fix is installed or you will permanently lose contact with the endpoint with agents older than version 6.3.5 \n \n\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nFlex System Manager| 1.3.4.x| IT12081| Verify the required Java updates have been completed, then install [fsmfix1.3.4.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602&function=fixId&parent=Flex%20System%20Manager%20Node>)\n\nInstructions for verifying installation of the Java updates can be found in the \"Confirm the fixes were applied properly\" section of Technote [761981453](<http://www-01.ibm.com/support/docview.wss?uid=nas777e5323a516f40f286257f03006ae4b5>). 
\n \nFlex System Manager| 1.3.3.x| IT12081| Verify the required Java updates have been completed, then install [fsmfix1.3.3.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602&function=fixId&parent=Flex%20System%20Manager%20Node>)\n\nInstructions for verifying installation of the Java updates can be found in the \"Confirm the fixes were applied properly\" section of [](<http://www-01.ibm.com/support/docview.wss?uid=nas777e5323a516f40f286257f03006ae4b5>)Technote [736218441](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas724cb521f58c4126286257dfd005c1958>). \n \nFlex System Manager| 1.3.2.x| IT12081| Verify the required Java updates have been completed, then install [fsmfix1.3.2.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602&function=fixId&parent=Flex%20System%20Manager%20Node>)\n\nInstructions for verifying installation of the Java updates can be found in the \"Confirm the fixes were applied properly\" section of [](<http://www-01.ibm.com/support/docview.wss?uid=nas777e5323a516f40f286257f03006ae4b5>)Technote [736218441](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas724cb521f58c4126286257dfd005c1958>). \n \nFlex System Manager| 1.3.1.x| IT12081| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \nFlex System Manager| 1.3.0.x| IT12081| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. 
\nFlex System Manager| 1.2.x.x| IT12081| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \nFlex System Manager| 1.1.x.x| IT12081| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T01:29:44", "type": "ibm", "title": "Security Bulletin: A security vulnerability with openssh affects IBM Flex System Manager (CVE-2015-5600)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2018-06-18T01:29:44", "id": "FC6C4426C76B592E968FD3C9EA26406E90FB3C95C30F68EC9CCD547D24485997", "href": "https://www.ibm.com/support/pages/node/681595", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-02-21T01:50:48", "description": "## Summary\n\nA security vulnerability has been discovered in OpenSSH used with IBM Security Network Protection.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5600_](<https://vulners.com/cve/CVE-2015-5600>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. An attacker could exploit this vulnerability using brute-force techniques to crack the victim's password. 
\nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104877_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104877>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.2 \nIBM Security Network Protection 5.3.1 \nIBM Security Network Protection 5.3.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection | Firmware version 5.2| Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0013 from [_IBM Fix Central_](<http://www-933.ibm.com/support/fixcentral/>) and upload and install via the Fix Packs page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.6 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3.2| Install Firmware 5.3.2.1 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. 
\n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:31:49", "type": "ibm", "title": "Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Protection (CVE-2015-5600)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2018-06-16T21:31:49", "id": "BBAF4A8874B4E6550EACD53B3B3956D87F91956BE43B6AC0570EF1AE5320225C", "href": "https://www.ibm.com/support/pages/node/270015", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-02-23T21:39:14", "description": "## Summary\n\nIBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in OpenSSH.\n\n## Vulnerability Details\n\n## Summary\n\nIBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in OpenSSH.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-5600](<https://vulners.com/cve/CVE-2015-5600>)\n\n**Description:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. 
An attacker could exploit this vulnerability using brute-force techniques to crack the victim's password.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/104877> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nProduct | Affected Version \n---|--- \nIBM BladeCenter Advanced Management Module (AMM) | bpet66n-3.66n \n \n## Remediation/Fixes:\n\nFirmware fix versions are available on Fix Central: \n<http://www.ibm.com/support/fixcentral/>\n\nProduct | Fixed Version \n---|--- \nIBM BladeCenter Advanced Management Module (AMM) \nibm_fw_amm_bpet66p-3.66p_anyos_noarch | bpet66p-3.66p \n \nYou should verify applying this fix does not cause any compatibility issues.\n\n## Workarounds and Mitigations:\n\nNone.\n\n## References:\n\n * [Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide.html>)\n * [On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n08 March 2016: Original version published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {}, "published": "2020-11-02T20:22:51", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSH affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2015-5600)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2020-11-02T20:22:51", "id": "52BACDC88952FDDA0E2AD245BFF0C77AD954ADED8187759D72D88112EE7DF7F4", "href": "https://www.ibm.com/support/pages/node/868466", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-02-21T21:38:36", "description": "## Summary\n\nOpensh is used by Power Hardware Management Console (HMC). 
HMC has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-5600_](<https://vulners.com/cve/CVE-2015-5600>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. An attacker could exploit this vulnerability using brute-force techniques to crack the victim's password. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104877_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104877>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\n \nPower HMC V7.3.0.0 \nPower HMC V7.9.0.0 \nPower HMC V8.1.0.0 \nPower HMC V8.2.0.0 \nPower HMC V8.3.0.0 \nPower HMC V8.4.0.0 \n\n## Remediation/Fixes\n\n \n\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV7.7.3.0 SP1\n\n| \n\nMB03972\n\n| \n\n[Apply eFix MH01577](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V7R7.3.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV7.7.9.0 SP2\n\n| \n\nMB03974\n\n| \n\n[Apply eFix MH01579](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V7R7.9.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.1.0 SP2\n\n| \n\nMB03975\n\n| \n\n[Apply eFix MH01580](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.1.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.2.0 SP2\n\n| \n\nMB03976\n\n| \n\n[Apply eFix 
MH01581](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.2.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.3.0 SP1\n\n| \n\nMB03977\n\n| \n\n[Apply eFix MH01582](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.3.0&platform=All&function=all>) \n \nPower HMC\n\n| \n\nV8.8.4.0\n\n| \n\nMH01559\n\n| \n\n[Apply eFix MH01560](<http://www-933.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMC&release=V8R8.4.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in openssh affect Power Hardware Management Console (CVE-2015-5600)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2021-09-23T01:31:39", "id": "EDF4B5A27866764F46339E29215E0B00F97C916965ECE1597B9CD93AA0C2F432", "href": "https://www.ibm.com/support/pages/node/666609", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-02-23T21:52:13", "description": "## Summary\n\nIBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the following CVE.\n\n## Vulnerability Details\n\n## Summary\n\nIBM Flex System FC43171 8Gb 
SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the following CVE.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-5600](<https://vulners.com/cve/CVE-2015-5600>)\n\n**Description:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. An attacker could exploit this vulnerability using brute-force techniques to crack the victim's password.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/104877> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nProduct | Affected Version \n---|--- \nIBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru | 9.1 \nQLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter | 7.10 \nQLogic Virtual Fabric Extension Module for IBM BladeCenter | 9.0 \n \n## Remediation/Fixes:\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nYou should verify applying the fix does not cause any compatibility issues.\n\nProduct | Fixed Version \n---|--- \nIBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru \n(qlgc_fw_flex_9.1.7.01.00_anyos_noarch) | 9.1.7.01.00 \nQLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter \n(qlgc_fw_bcsw_7.10.1.37.00_anyos_noarch) | 7.10.1.37.00 \nQLogic Virtual Fabric Extension Module for IBM BladeCenter \n(qlgc_fw_bcsw_9.0.3.14.00_anyos_noarch) | 9.0.3.14.0 \n \n## Workarounds and Mitigations:\n\nNone\n\n## References:\n\n * [Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide.html>)\n * [On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0>)\n\n**Related 
Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n25 November 2015: Original version published \n17 March 2016: Revised version published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {}, "published": "2019-01-31T02:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2015-5600)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2019-01-31T02:10:01", "id": "EF5B2D0A9632D9FCC8D5F4EF59632AD918EDECF151F6DE1111A719008C90C99A", "href": "https://www.ibm.com/support/pages/node/868202", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-02-21T21:56:14", "description": "## Summary\n\nMultiple Vulnerabilities in libxml, OpenSSH, Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1819_](<https://vulners.com/cve/CVE-2015-1819>) \n**DESCRIPTION:** Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error in the xmlreader when processing XML data. A remote attacker could exploit this vulnerability to consume all available memory resources. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107272_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107272>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2015-5600_](<https://vulners.com/cve/CVE-2015-5600>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. An attacker could exploit this vulnerability using brute-force techniques to crack the victim's password. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104877_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104877>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2015-7183_](<https://vulners.com/cve/CVE-2015-7183>) \n**DESCRIPTION:** Mozilla Firefox is vulnerable to a denial of service, caused by an integer overflow in the Netscape Portable Runtime (NSPR) in PL_ARENA_ALLOCATE. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107816_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107816>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2015-7181_](<https://vulners.com/cve/CVE-2015-7181>) \n**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-poison in the sec_asn1d_parse_leaf() function. 
By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107814_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107814>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2015-7182_](<https://vulners.com/cve/CVE-2015-7182>) \n**DESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when decoding constructed OCTET STRING. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107815_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107815>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance\n\n## Remediation/Fixes\n\nIf you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact [_IBM support_](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>).\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": 
"2018-06-17T22:32:50", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in libxml, OpenSSH, Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1819, CVE-2015-5600, CVE-2015-7183, CVE-2015-7181, CVE-2015-7182)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1819", "CVE-2015-5600", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7183"], "modified": "2018-06-17T22:32:50", "id": "AD4937D18C8A9E735B7C1F011C45A2FCB0DC33D764CF91595734E6C29B01C5E0", "href": "https://www.ibm.com/support/pages/node/619225", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-02-23T21:51:36", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by Integrated Management Module II (IMM2).\n\n## Vulnerability Details\n\n## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). 
OpenSSL is used by Integrated Management Module II (IMM2).\n\nIntegrated Management Module II (IMM2) has addressed the vulnerabilities listed below.\n\n**Vulnerability Details**\n\n**CVE-ID:** [CVE-2015-4000](<https://vulners.com/cve/CVE-2015-4000>)\n\n**Description:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\".\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103294> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>)\n\n**Description:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system.\n\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103782> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n**CVE-ID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. 
An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103779> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103780> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>)\n\n**Description:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103609> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. 
An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1781](<https://vulners.com/cve/CVE-2015-1781>)\n\n**Description:** GNU C Library (glibc) is vulnerable to a buffer overflow, caused by improper bounds checking by the gethostbyname_r() and other related functions. By sending a specially-crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash.\n\nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/102500> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n**CVE-ID:** [CVE-2013-2207](<https://vulners.com/cve/CVE-2013-2207>)\n\n**Description:** The GNU C Library (glibc) could allow a local attacker to bypass security restrictions, caused by an error in the pt_chown() function. 
An attacker could exploit this vulnerability to gain unauthorized access to the pseudoterminal of other users.\n\nCVSS Base Score: 2.1 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/86914> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-8121](<https://vulners.com/cve/CVE-2014-8121>)\n\n**Description:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/102652> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-5600](<https://vulners.com/cve/CVE-2015-5600>)\n\n**Description:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. 
An attacker could exploit this vulnerability using brute-force techniques to crack the victim's password.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/104877> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected products and versions\n\nProduct | Affected Version \n---|--- \nIntegrated Management Module 2 (IMM2) for BladeCenter | 1AOO66M \nIntegrated Management Module 2 (IMM2) for System x | 1AOO66M \nIntegrated Management Module 2 (IMM2) for Flex Systems | 1AOO66O \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nYou should verify applying the fix does not cause any compatibility issues.\n\nProduct | Fixed Version \n---|--- \nIntegrated Management Module 2 (IMM2) for BladeCenter \n(ibm_fw_imm2_1aoo68l-5.20_bc_anyos_noarch) | 1AOO68L \u2014 5.20 \nIntegrated Management Module 2 (IMM2) for System x \n(ibm_fw_imm2_1aoo68l-5.20_anyos_noarch) | 1AOO68L \u2014 5.20 \nIntegrated Management Module 2 (IMM2) for Flex Systems \n(ibm_fw_imm2_1aoo68l-5.20_anyos_noarch) | 1AOO68L \u2014 5.20 \n \nFor **CVE-2015-4000**: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. 
IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions.\n\n## Workarounds and Mitigations\n\nNone.\n\n## References\n\n * [Complete CVSS V2 Guide](<http://www.first.org/cvss/v2/guide>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n * [Complete CVSS V3 Guide](<http://www.first.org/cvss/user-guide>)\n * [On-line Calculator V3](<http://www.first.org/cvss/calculator/3.0>)\n\n**Related Information** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>)\n\n**Acknowledgement**\n\nReported to IBM by The WeakDH team at <https://weakdh.org>.\n\n**Change History** \n01 December 2015: Original Version Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:25:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSH, GNU C Library (glibc), and OpenSSL, including Logjam, affect Integrated Management Module II (IMM2)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2207", "CVE-2014-8121", "CVE-2014-8176", "CVE-2015-1781", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000", "CVE-2015-5600"], "modified": "2019-01-31T02:25:02", "id": "B48A934A561B5DA138A664173E19E268F2190EB9B23DD117254F13BA1342F809", "href": "https://www.ibm.com/support/pages/node/868230", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-02-21T01:50:43", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Security Proventia Network Enterprise Scanner. 
This bulletin addresses the applicable CVEs as well as other CVEs related to glibc, gcc, Net-SNMP, and OpenSSH. \n \nCVE-2015-5600, CVE-2016-0701, CVE-2015-3197, \nCVE-2015-8777, CVE-2015-3193, CVE-2015-3194, \nCVE-2015-3195, CVE-2015-3196, CVE-2015-1794, \nCVE-2014-3565, CVE-2015-5277,CVE-2015-5276 \n\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-5600_](<https://vulners.com/cve/CVE-2015-5600>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. An attacker could exploit this vulnerability using brute-force techniques to crack the victim's password. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104877_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104877>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-0701_](<https://vulners.com/cve/CVE-2016-0701>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by the use of weak Diffie-Hellman parameters based on unsafe primes that are generated and stored in X9.42-style parameter files. By performing multiple handshakes using the same private DH exponent, an attacker could exploit this vulnerability to conduct man-in-the-middle attacks. 
\nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110234_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110234>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2015-3197_](<https://vulners.com/cve/CVE-2015-3197>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by an error related to the negotiation of disabled SSLv2 ciphers by malicious SSL/TLS clients. An attacker could exploit this vulnerability to conduct man-in-the-middle attacks. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110235_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110235>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n \n \n**CVEID:** [_CVE-2015-8777_](<https://vulners.com/cve/CVE-2015-8777>)** \nDESCRIPTION:** GNU C Library (glibc or libc6) could allow a local attacker to bypass security restrictions, caused by an error in elf/rtld.c. By using a zero value of the LD_POINTER_GUARD environment variable, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109775_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109775>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2015-3193_](<https://vulners.com/cve/CVE-2015-3193>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the x86_64 Montgomery squaring procedure. An attacker with online access to an unpatched system could exploit this vulnerability to obtain private key information. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108502_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108502>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2015-3194_](<https://vulners.com/cve/CVE-2015-3194>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when verifying certificates via a malformed routine. An attacker could exploit this vulnerability using signature verification routines with an absent PSS parameter to cause any certificate verification operation to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108503_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108503>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-3195_](<https://vulners.com/cve/CVE-2015-3195>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a memory leak in a malformed X509_ATTRIBUTE structure. An attacker could exploit this vulnerability to obtain CMS data and other sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108504_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108504>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-3196_](<https://vulners.com/cve/CVE-2015-3196>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a race condition when PSK identity hints are received by a multi-threaded client and the SSL_CTX structure is updated with the incorrect value. 
An attacker could exploit this vulnerability to possibly corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108505_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108505>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-1794_](<https://vulners.com/cve/CVE-2015-1794>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. An attacker could exploit this vulnerability to trigger a segfault and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108539_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108539>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n**CVEID:** [_CVE-2014-3565_](<https://vulners.com/cve/CVE-2014-3565>)** \nDESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the \"-OQ\" option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95638_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95638>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-5277_](<https://vulners.com/cve/CVE-2015-5277>)** \nDESCRIPTION:** GNU C Library (glibc) could allow a local attacker to gain elevated privileges on the system, caused by a heap corruption error in the nss_files backend for the Name Service Switch. 
An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108484_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108484>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nEnterprise Scanner 2.3\n\n## Remediation/Fixes\n\nPlease contact support.\n\n## Workarounds and Mitigations\n\nCustomers that are using Proventia Network Enterprise Scanner are advised to upgrade to IBM Security QRadar Vulnerability Manager. \n \nPlease contact support for more information using <http://www.ibm.com/support/docview.wss?uid=swg21446948>\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:41:08", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities in OpenSSL, glibc, gcc, Net-SNMP, and OpenSSH affect IBM Security Proventia Network Enterprise Scanner", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3565", "CVE-2015-1794", 
"CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3197", "CVE-2015-5276", "CVE-2015-5277", "CVE-2015-5600", "CVE-2015-8777", "CVE-2016-0701"], "modified": "2018-06-16T21:41:08", "id": "7560D437DD0C0AD308430AD43B3F94576F228230126D44A08B79DFF991CA82E0", "href": "https://www.ibm.com/support/pages/node/275789", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-02-21T01:44:54", "description": "## Summary\n\nVulnerability in libxml, openssh, PAM, Firefox, affects IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance (CVE-2015-1819, CVE-2015-3238, CVE-2015-5600 and others).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1819_](<https://vulners.com/cve/CVE-2015-1819>)** \nDESCRIPTION:** Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error in the xmlreader when processing XML data. A remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107272_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107272>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n \n**CVEID:** [_CVE-2015-3238_](<https://vulners.com/cve/CVE-2015-3238>)** \nDESCRIPTION:** Linux-PAM could allow a local attacker to obtain sensitive information, caused by an error in the _unix_run_helper_binary function in the pam_unix module. An attacker could exploit this vulnerability using an overly large password to enumerate usernames and cause the system to hang. 
\nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106368_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106368>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n**CVEID:** [_CVE-2015-5600_](<https://vulners.com/cve/CVE-2015-5600>)** \nDESCRIPTION:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. An attacker could exploit this vulnerability using brute-force techniques to crack the victim's password. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104877_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104877>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n\n**CVEID:** [_CVE-2015-4513_](<https://vulners.com/cve/CVE-2015-4513>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. 
\nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107789_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107789>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-4514_](<https://vulners.com/cve/CVE-2015-4514>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107790_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107790>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-4515_](<https://vulners.com/cve/CVE-2015-4515>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the population of the Workstation field with the hostname of the system making the request. By persuading a victim to visit a specially-crafted Web site and sending a silent NTLM request, an attacker could exploit this vulnerability to obtain the hostname and Windows domain. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107791_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107791>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-4518_](<https://vulners.com/cve/CVE-2015-4518>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an insecure allowlist that allows HTML content. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass CSP protections of Reader mode and possibly launch cross-site scripting attacks. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107792_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107792>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7181_](<https://vulners.com/cve/CVE-2015-7181>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-poison in the sec_asn1d_parse_leaf() function. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. 
\nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107814_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107814>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-7182_](<https://vulners.com/cve/CVE-2015-7182>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when decoding constructed OCTET STRING. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107815_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107815>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-7183_](<https://vulners.com/cve/CVE-2015-7183>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a denial of service, caused by an integer overflow in the Netscape Portable Runtime (NSPR) in PL_ARENA_ALLOCATE. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to cause the application to crash. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107816_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107816>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7184_](<https://vulners.com/cve/CVE-2015-7184>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the improper implementation of the Cross-Origin Resource Sharing (CORS) specification by the fetch() API. An attacker could exploit this vulnerability to bypass cross-origin resource sharing (CORS) restrictions and gain access to private data from other origins. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7185_](<https://vulners.com/cve/CVE-2015-7185>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the failure to restore the address bar when the window is redrawn in normal mode when Firefox for Android exits fullscreen mode. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to spoof the address bar. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107793_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107793>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7186_](<https://vulners.com/cve/CVE-2015-7186>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an error in which a downloaded, locally saved HTML file could use file: URIs. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to open cached data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107794_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107794>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-7187_](<https://vulners.com/cve/CVE-2015-7187>)** \nDESCRIPTION:** Mozilla Firefox could provide weaker than expected security, caused by an error when a panel is created using the Add-on SDK in a browser extension. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to possibly execute script content in an extension that has been disabled. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107795_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107795>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7188_](<https://vulners.com/cve/CVE-2015-7188>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the different evaluation of trailing whitespaces when parsing IP addresses instead of alphanumeric hostnames. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass same-origin policy and possibly conduct cross-site scripting attacks. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107796_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107796>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7192_](<https://vulners.com/cve/CVE-2015-7192>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a denial of service, caused by an error related to the requesting of the index of a table row through the NSAccessibilityIndexAttribute value by the accessibility tool. An attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107805_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107805>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7189_](<https://vulners.com/cve/CVE-2015-7189>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a buffer overflow, caused by improper bounds checking by the JPEGEncoder function. 
By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107797_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107797>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-7190_](<https://vulners.com/cve/CVE-2015-7190>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the registering and launching of a search engine through an Android intent. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to load local HTML files and obtain sensitive information. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107798_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107798>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-7191_](<https://vulners.com/cve/CVE-2015-7191>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to cross-site scripting, caused by improper sterilization of opened addresses. A remote attacker could exploit this vulnerability using Android intents and fallback navigation to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. 
CVSS Base Score: 6.1
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107804_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107804>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

**CVEID:** [_CVE-2015-7193_](<https://vulners.com/cve/CVE-2015-7193>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an implementation error with cross-origin resource sharing (CORS) preflight requests when receiving non-standard Content-Type headers. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass CORS preflight.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107806_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107806>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

**CVEID:** [_CVE-2015-7200_](<https://vulners.com/cve/CVE-2015-7200>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a missing status check in CryptoKey. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107812_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107812>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [_CVE-2015-7194_](<https://vulners.com/cve/CVE-2015-7194>)
**DESCRIPTION:** Mozilla Firefox is vulnerable to a denial of service, caused by a buffer underflow in libjar.
By persuading a victim to open a specially-crafted ZIP file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107807_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107807>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2015-7195_](<https://vulners.com/cve/CVE-2015-7195>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the incorrect parsing of certain escaped characters in hostnames. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect the victim to a different site.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107808_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107808>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

**CVEID:** [_CVE-2015-7196_](<https://vulners.com/cve/CVE-2015-7196>)
**DESCRIPTION:** Mozilla Firefox is vulnerable to a denial of service, caused by the deallocation of a JavaScript wrapper while it is still in use by the Java plugin. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to cause a JavaScript garbage collection crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107809_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107809>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2015-7197_](<https://vulners.com/cve/CVE-2015-7197>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error in a mechanism when web workers are used to create WebSockets. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to bypass mixed content WebSocket policy and launch further attacks on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107813_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107813>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

**CVEID:** [_CVE-2015-7198_](<https://vulners.com/cve/CVE-2015-7198>)
**DESCRIPTION:** Mozilla Firefox is vulnerable to a buffer overflow, caused by improper bounds checking by TextureStorage11 in the ANGLE graphics library. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107810_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107810>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** [_CVE-2015-7199_](<https://vulners.com/cve/CVE-2015-7199>)
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by missing status checks in AddWeightedPathSegLists and SVGPathSegListSMILType::Interpolate. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107811_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107811>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

## Affected Products and Versions

IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance.

## Remediation/Fixes

If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact [_IBM support_](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>).

## Workarounds and Mitigations

None

Bulletin title: Security Bulletin: Vulnerability in libxml, openssh, PAM, Firefox, affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance
Published: 2018-06-17
Source: <https://www.ibm.com/support/pages/node/271369>

## Question

What Technotes exist for the IBM Security Network
Protection / IBM QRadar Network Security (XGS) sensor?

## Answer

The content below includes a list of all technical notes published under IBM Security Network Protection / IBM QRadar Network Security by category and sorted by popularity. As new documentation is released, this content will be updated and new articles added.

## IBM QRadar Network Security, IBM Security Network Protection

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[7047980](<http://www.ibm.com/support/docview.wss?uid=swg27047980>) | [May 2018 Newsletter from Infrastructure Security Support](<http://www.ibm.com/support/docview.wss?uid=swg27047980>) | 2018-05-24 | 1
[1998843](<http://www.ibm.com/support/docview.wss?uid=swg21998843>) | [IBM QRadar Network Security firmware update 5.4.0 release notes](<http://www.ibm.com/support/docview.wss?uid=swg21998843>) | 2017-05-08 | 2
[2010305](<http://www.ibm.com/support/docview.wss?uid=swg22010305>) | [Security Bulletin: IBM Security Network Protection is affected by vulnerabilities in OpenSSH (CVE-2016-6210 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011)](<http://www.ibm.com/support/docview.wss?uid=swg22010305>) | 2018-02-15 | 3
[1902736](<http://www.ibm.com/support/docview.wss?uid=swg21902736>) | [System requirements for IBM QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21902736>) | 2017-04-14 | 4
[2003331](<http://www.ibm.com/support/docview.wss?uid=swg22003331>) | [5.3.3.2-ISS-XGS-All-Models-Hotfix-IF0007](<http://www.ibm.com/support/docview.wss?uid=swg22003331>) | 2017-05-15 | 5
[2008340](<http://www.ibm.com/support/docview.wss?uid=swg22008340>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in openssh (CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 CVE-2016-6515)](<http://www.ibm.com/support/docview.wss?uid=swg22008340>) | 2018-02-15 | 6
[2008339](<http://www.ibm.com/support/docview.wss?uid=swg22008339>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in tcpdump](<http://www.ibm.com/support/docview.wss?uid=swg22008339>) | 2018-02-15 | 7
[2008854](<http://www.ibm.com/support/docview.wss?uid=swg22008854>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel](<http://www.ibm.com/support/docview.wss?uid=swg22008854>) | 2018-02-15 | 8
[2008853](<http://www.ibm.com/support/docview.wss?uid=swg22008853>) | [Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in glibc](<http://www.ibm.com/support/docview.wss?uid=swg22008853>) | 2018-02-15 | 9
[2009835](<http://www.ibm.com/support/docview.wss?uid=swg22009835>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerability in subversion (CVE-2017-9800)](<http://www.ibm.com/support/docview.wss?uid=swg22009835>) | 2018-02-15 | 10
[2007316](<http://www.ibm.com/support/docview.wss?uid=swg22007316>) | [5.4.0.1-ISS-XGS-All-Models-Hotfix-IF0004](<http://www.ibm.com/support/docview.wss?uid=swg22007316>) | 2017-08-24 | 11
[2001911](<http://www.ibm.com/support/docview.wss?uid=swg22001911>) | [Unable to upgrade IBM QRadar Network Security firmware version 5.3.x to 5.4.x from the inserted USB flash drive.](<http://www.ibm.com/support/docview.wss?uid=swg22001911>) | 2017-12-11 | 12
[2007535](<http://www.ibm.com/support/docview.wss?uid=swg22007535>) | [Security Bulletin: IBM QRadar Network Security is affected by a less-secure algorithm during negotiations vulnerability (CVE-2017-1491)](<http://www.ibm.com/support/docview.wss?uid=swg22007535>) | 2018-02-15 | 13
[1996987](<http://www.ibm.com/support/docview.wss?uid=swg21996987>) | [IBM QRadar Network Security 5.4 Web Services API](<http://www.ibm.com/support/docview.wss?uid=swg21996987>) | 2017-04-18 | 14
[2007918](<http://www.ibm.com/support/docview.wss?uid=swg22007918>) | [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg22007918>) | 2018-02-15 | 15
[1988573](<http://www.ibm.com/support/docview.wss?uid=swg21988573>) | [IBM QRadar Network Security (XGS) Web Services API](<http://www.ibm.com/support/docview.wss?uid=swg21988573>) | 2017-04-14 | 16
[2007554](<http://www.ibm.com/support/docview.wss?uid=swg22007554>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in bash (CVE-2016-9401, CVE-2016-7543, CVE-2016-0634)](<http://www.ibm.com/support/docview.wss?uid=swg22007554>) | 2018-02-15 | 17
[1995440](<http://www.ibm.com/support/docview.wss?uid=swg21995440>) | [Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718)](<http://www.ibm.com/support/docview.wss?uid=swg21995440>) | 2018-02-15 | 18
[7049539](<http://www.ibm.com/support/docview.wss?uid=swg27049539>) | [Open Mic replay: What is new in the latest XGS firmware updates - 29 March 2017 (Includes link to video; presentation is attached)](<http://www.ibm.com/support/docview.wss?uid=swg27049539>) | 2017-04-15 | 19
[2007557](<http://www.ibm.com/support/docview.wss?uid=swg22007557>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in libtasn1 (CVE-2015-3622, CVE-2015-2806)](<http://www.ibm.com/support/docview.wss?uid=swg22007557>) | 2018-02-15 | 20
[2003343](<http://www.ibm.com/support/docview.wss?uid=swg22003343>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22003343>) | 2018-02-15 | 21
[2007551](<http://www.ibm.com/support/docview.wss?uid=swg22007551>) | [Security Bulletin: IBM QRadar Network Security is affected by potential issues of XML External Entity Injection (CVE-2017-1458)](<http://www.ibm.com/support/docview.wss?uid=swg22007551>) | 2018-02-15 | 22
[2004744](<http://www.ibm.com/support/docview.wss?uid=swg22004744>) | [Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel](<http://www.ibm.com/support/docview.wss?uid=swg22004744>) | 2018-02-15 | 23
[2007315](<http://www.ibm.com/support/docview.wss?uid=swg22007315>) | [5.4.0.1-ISS-XGS-All-Models-Hotfix-IF0003](<http://www.ibm.com/support/docview.wss?uid=swg22007315>) | 2017-08-24 | 24
[2007550](<http://www.ibm.com/support/docview.wss?uid=swg22007550>) | [Security Bulletin: IBM QRadar Network Security is affected by potential issues of Cross-Site Scripting (CVE-2017-1457)](<http://www.ibm.com/support/docview.wss?uid=swg22007550>) | 2018-02-15 | 25
[2007539](<http://www.ibm.com/support/docview.wss?uid=swg22007539>) | [Security Bulletin: IBM QRadar Network Security has updated commons-fileupload for known vulnerabilities (CVE-2016-3092)](<http://www.ibm.com/support/docview.wss?uid=swg22007539>) | 2018-02-15 | 26
[2007553](<http://www.ibm.com/support/docview.wss?uid=swg22007553>) | [Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in Curl (CVE-2016-7167)](<http://www.ibm.com/support/docview.wss?uid=swg22007553>) | 2018-02-15 | 27
[1987978](<http://www.ibm.com/support/docview.wss?uid=swg21987978>) | [Security Bulletin: Vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2015-5352, CVE-2015-6563, and CVE-2015-6564)](<http://www.ibm.com/support/docview.wss?uid=swg21987978>) | 2018-02-15 | 28
[2005764](<http://www.ibm.com/support/docview.wss?uid=swg22005764>) | [Security Bulletin: IBM Security Network Protection is affected by a vulnerability in glibc](<http://www.ibm.com/support/docview.wss?uid=swg22005764>) | 2018-02-15 | 29
[1979372](<http://www.ibm.com/support/docview.wss?uid=swg21979372>) | [Security Bulletin: A vulnerability in libssh2 affects IBM Security Network Protection (CVE-2016-0787)](<http://www.ibm.com/support/docview.wss?uid=swg21979372>) | 2018-02-15 | 30
[1996290](<http://www.ibm.com/support/docview.wss?uid=swg21996290>) | [5.3.3-ISS-XGS-All-Models-Hotfix-IF0007](<http://www.ibm.com/support/docview.wss?uid=swg21996290>) | 2017-04-14 | 31
[2007552](<http://www.ibm.com/support/docview.wss?uid=swg22007552>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel](<http://www.ibm.com/support/docview.wss?uid=swg22007552>) | 2018-02-15 | 32
[1988243](<http://www.ibm.com/support/docview.wss?uid=swg21988243>) | [5.3.2.3-ISS-XGS-All-Models-Hotfix-IF0007](<http://www.ibm.com/support/docview.wss?uid=swg21988243>) | 2017-04-14 | 33
[1993670](<http://www.ibm.com/support/docview.wss?uid=swg21993670>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection (CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, and CVE-2016-5542)](<http://www.ibm.com/support/docview.wss?uid=swg21993670>) | 2018-02-15 | 34
[1996808](<http://www.ibm.com/support/docview.wss?uid=swg21996808>) | [5.3.1.11-ISS-XGS-All-Models-Hotfix-IF0002](<http://www.ibm.com/support/docview.wss?uid=swg21996808>) | 2017-04-14 | 35
[2001802](<http://www.ibm.com/support/docview.wss?uid=swg22001802>) | [5.3.3.2-ISS-XGS-All-Models-Hotfix-IF0005](<http://www.ibm.com/support/docview.wss?uid=swg22001802>) | 2017-04-18 | 36
[1980157](<http://www.ibm.com/support/docview.wss?uid=swg21980157>) | [Security Bulletin: Vulnerabilities in Kerberos (krb5) affect IBM Security Network Protection (CVE-2015-8629, and CVE-2015-8631)](<http://www.ibm.com/support/docview.wss?uid=swg21980157>) | 2018-02-15 | 37
[1991724](<http://www.ibm.com/support/docview.wss?uid=swg21991724>) | [Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21991724>) | 2018-02-15 | 38
[1999248](<http://www.ibm.com/support/docview.wss?uid=swg21999248>) | [Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Protection (CVE-2015-8325)](<http://www.ibm.com/support/docview.wss?uid=swg21999248>) | 2018-02-15 | 39
[2003045](<http://www.ibm.com/support/docview.wss?uid=swg22003045>) | [Security Bulletin: IBM Security Network Protection is affected by Vulnerabilities in GNU Bash](<http://www.ibm.com/support/docview.wss?uid=swg22003045>) | 2018-02-15 | 40
[2003046](<http://www.ibm.com/support/docview.wss?uid=swg22003046>) | [Security Bulletin: IBM Security Network Protection is affected by a vulnerability in coreutils (util-linux)](<http://www.ibm.com/support/docview.wss?uid=swg22003046>) | 2018-02-15 | 41
[2003341](<http://www.ibm.com/support/docview.wss?uid=swg22003341>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg22003341>) | 2018-02-15 | 42
[7049549](<http://www.ibm.com/support/docview.wss?uid=swg27049549>) | [IBM Infrastructure Security Support February 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27049549>) | 2017-04-15 | 43
[2005379](<http://www.ibm.com/support/docview.wss?uid=swg22005379>) | [Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in glibc (CVE-2017-1000366)](<http://www.ibm.com/support/docview.wss?uid=swg22005379>) | 2018-02-15 | 44
[7050074](<http://www.ibm.com/support/docview.wss?uid=swg27050074>) | [IBM Infrastructure Security Support June 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050074>) | 2017-07-17 | 45
[1961717](<http://www.ibm.com/support/docview.wss?uid=swg21961717>) | [Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Security Network Protection (CVE-2015-4000)](<http://www.ibm.com/support/docview.wss?uid=swg21961717>) | 2018-02-15 | 46
[1992187](<http://www.ibm.com/support/docview.wss?uid=swg21992187>) | [IBM QRadar Network Security XGS 5200/7100 fails to start](<http://www.ibm.com/support/docview.wss?uid=swg21992187>) | 2017-05-16 | 47
[7050656](<http://www.ibm.com/support/docview.wss?uid=swg27050656>) | [IBM Infrastructure Security Support November 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050656>) | 2017-12-18 | 48
[1984583](<http://www.ibm.com/support/docview.wss?uid=swg21984583>) | [Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21984583>) | 2018-02-15 | 49
[2000992](<http://www.ibm.com/support/docview.wss?uid=swg22000992>) | [Blocking tunneled packets in IBM QRadar Network Security XGS appliance](<http://www.ibm.com/support/docview.wss?uid=swg22000992>) | 2017-07-16 | 50
[2001907](<http://www.ibm.com/support/docview.wss?uid=swg22001907>) | [Security Bulletin: Vulnerabilities in GNU C library (glibc) affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg22001907>) | 2018-02-15 | 51
[2003633](<http://www.ibm.com/support/docview.wss?uid=swg22003633>) | [Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in coreutils (util-linux)](<http://www.ibm.com/support/docview.wss?uid=swg22003633>) | 2018-02-15 | 52
[7049861](<http://www.ibm.com/support/docview.wss?uid=swg27049861>) | [IBM Infrastructure Security Support April 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27049861>) | 2017-05-20 | 53
[7050269](<http://www.ibm.com/support/docview.wss?uid=swg27050269>) | [IBM Infrastructure Security Support August 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050269>) | 2017-09-18 | 54
[1961447](<http://www.ibm.com/support/docview.wss?uid=swg21961447>) | [Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21961447>) | 2018-02-15 | 55
[1985122](<http://www.ibm.com/support/docview.wss?uid=swg21985122>) | [Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21985122>) | 2018-02-15 | 56
[1985753](<http://www.ibm.com/support/docview.wss?uid=swg21985753>) | [Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21985753>) | 2018-02-15 | 57
[1990083](<http://www.ibm.com/support/docview.wss?uid=swg21990083>) | [Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645)](<http://www.ibm.com/support/docview.wss?uid=swg21990083>) | 2018-02-15 | 58
[1994071](<http://www.ibm.com/support/docview.wss?uid=swg21994071>) | [Security Bulletin: A vulnerability in GnuPG libgcrypt affects IBM Security Network Protection (CVE-2016-6313)](<http://www.ibm.com/support/docview.wss?uid=swg21994071>) | 2018-02-15 | 59
[1997604](<http://www.ibm.com/support/docview.wss?uid=swg21997604>) | [Network interface module population changes on the XGS appliance are not reflected on the managing SiteProtector System](<http://www.ibm.com/support/docview.wss?uid=swg21997604>) | 2017-04-18 | 60
[1999246](<http://www.ibm.com/support/docview.wss?uid=swg21999246>) | [Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21999246>) | 2018-02-15 | 61
[2001184](<http://www.ibm.com/support/docview.wss?uid=swg22001184>) | [Pressing and holding the power button does not shut down the IBM QRadar Network Security XGS 5200 appliance](<http://www.ibm.com/support/docview.wss?uid=swg22001184>) | 2017-06-19 | 62
[2002507](<http://www.ibm.com/support/docview.wss?uid=swg22002507>) | [Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2016-8106)](<http://www.ibm.com/support/docview.wss?uid=swg22002507>) | 2018-02-15 | 63
[7039297](<http://www.ibm.com/support/docview.wss?uid=swg27039297>) | [Network Protection documentation update: Setting up SSL inspection for the Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg27039297>) | 2017-08-09 | 64
[7049965](<http://www.ibm.com/support/docview.wss?uid=swg27049965>) | [IBM Infrastructure Security Support May 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27049965>) | 2017-06-27 | 65
[7050550](<http://www.ibm.com/support/docview.wss?uid=swg27050550>) | [IBM Infrastructure Security Support October 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050550>) | 2018-05-24 | 66
[1903520](<http://www.ibm.com/support/docview.wss?uid=swg21903520>) | [Microsoft Update fails when Outbound SSL inspection is enabled](<http://www.ibm.com/support/docview.wss?uid=swg21903520>) | 2018-05-01 | 67
[1961467](<http://www.ibm.com/support/docview.wss?uid=swg21961467>) | [Security Bulletin: Vulnerabilities in GNU glibc affect IBM Security Network Protection (CVE-2013-7423, and CVE-2015-1781)](<http://www.ibm.com/support/docview.wss?uid=swg21961467>) | 2018-02-15 | 68
[1964040](<http://www.ibm.com/support/docview.wss?uid=swg21964040>) | [Known Issues for IBM Security Network Protection firmware update 5.3.1.3](<http://www.ibm.com/support/docview.wss?uid=swg21964040>) | 2017-07-17 | 69
[1984424](<http://www.ibm.com/support/docview.wss?uid=swg21984424>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21984424>) | 2018-02-15 | 70
[1986974](<http://www.ibm.com/support/docview.wss?uid=swg21986974>) | [Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21986974>) | 2018-02-15 | 71
[1989336](<http://www.ibm.com/support/docview.wss?uid=swg21989336>) | [Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21989336>) | 2018-02-15 | 72
[1995885](<http://www.ibm.com/support/docview.wss?uid=swg21995885>) | [5.3.1.11-XGS-All-Models-Hotfix-IF0001](<http://www.ibm.com/support/docview.wss?uid=swg21995885>) | 2017-04-14 | 73
[1999162](<http://www.ibm.com/support/docview.wss?uid=swg21999162>) | [Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Protection (CVE-2016-8610, and CVE-2017-3731)](<http://www.ibm.com/support/docview.wss?uid=swg21999162>) | 2018-02-15 | 74
[1999513](<http://www.ibm.com/support/docview.wss?uid=swg21999513>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21999513>) | 2018-02-15 | 75
[2002624](<http://www.ibm.com/support/docview.wss?uid=swg22002624>) | [Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106)](<http://www.ibm.com/support/docview.wss?uid=swg22002624>) | 2018-02-15 | 76
[2011746](<http://www.ibm.com/support/docview.wss?uid=swg22011746>) | [Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel](<http://www.ibm.com/support/docview.wss?uid=swg22011746>) | 2018-05-01 | 77
[2011787](<http://www.ibm.com/support/docview.wss?uid=swg22011787>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg22011787>) | 2018-05-01 | 78
[2016549](<http://www.ibm.com/support/docview.wss?uid=swg22016549>) | [Security Bulletin: IBM Security Network Protection is affected by multiple vulnerabilities](<http://www.ibm.com/support/docview.wss?uid=swg22016549>) | 2018-06-03 | 79
[7049238](<http://www.ibm.com/support/docview.wss?uid=swg27049238>) | [IBM Infrastructure Security Support November 2016 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27049238>) | 2017-10-17 | 80
[7049645](<http://www.ibm.com/support/docview.wss?uid=swg27049645>) | [IBM Infrastructure Security Support March 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27049645>) | 2018-05-24 | 81
[7050420](<http://www.ibm.com/support/docview.wss?uid=swg27050420>) | [IBM Infrastructure Security Support September 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050420>) | 2018-01-15 | 82
[7050716](<http://www.ibm.com/support/docview.wss?uid=swg27050716>) | [IBM Infrastructure Security Support December 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050716>) | 2018-05-24 | 83
[7050809](<http://www.ibm.com/support/docview.wss?uid=swg27050809>) | [IBM Infrastructure Security Support January 2018 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050809>) | 2018-05-24 | 84
[7050900](<http://www.ibm.com/support/docview.wss?uid=swg27050900>) | [February 2018 Newsletter from Infrastructure Security Support](<http://www.ibm.com/support/docview.wss?uid=swg27050900>) | 2018-05-24 | 85
[7050972](<http://www.ibm.com/support/docview.wss?uid=swg27050972>) | [March 2018 Newsletter from Infrastructure Security Support](<http://www.ibm.com/support/docview.wss?uid=swg27050972>) | 2018-05-24 | 86
[7051105](<http://www.ibm.com/support/docview.wss?uid=swg27051105>) | [April 2018 Newsletter from Infrastructure Security Support](<http://www.ibm.com/support/docview.wss?uid=swg27051105>) | 2018-05-25 | 87

### Backups and Recovery

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1669579](<http://www.ibm.com/support/docview.wss?uid=swg21669579>) | [Creating snapshots and options on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21669579>) | 2018-05-01 | 1
[1974662](<http://www.ibm.com/support/docview.wss?uid=swg21974662>) | [Restoring a QRadar Network Security sensor to factory defaults settings](<http://www.ibm.com/support/docview.wss?uid=swg21974662>) | 2017-08-06 | 2
[1695898](<http://www.ibm.com/support/docview.wss?uid=swg21695898>) | [Reimaging the Security Network Protection (XGS) appliance using the PXE image](<http://www.ibm.com/support/docview.wss?uid=swg21695898>) | 2017-04-14 | 3
[1437385](<http://www.ibm.com/support/docview.wss?uid=swg21437385>) | [Accessing a recovery CD or DVD for a Proventia or IBM Security appliance](<http://www.ibm.com/support/docview.wss?uid=swg21437385>) | 2018-05-01 | 4

### Bypass

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1882622](<http://www.ibm.com/support/docview.wss?uid=swg21882622>) | [Security Network Protection built-in bypass general information](<http://www.ibm.com/support/docview.wss?uid=swg21882622>) | 2018-05-01 | 1
[1695421](<http://www.ibm.com/support/docview.wss?uid=swg21695421>) | [Protection interfaces on Network Protection flapping in firmware 5.3.0.2 and earlier](<http://www.ibm.com/support/docview.wss?uid=swg21695421>) | 2018-01-29 | 2
[1988927](<http://www.ibm.com/support/docview.wss?uid=swg21988927>) | [Hardware bypass can cause port channel to go down on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21988927>) | 2017-09-26 | 3

### Command Line Interface (CLI)

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1984900](<http://www.ibm.com/support/docview.wss?uid=swg21984900>) | [Security Network Protection Command Line Interface (CLI) troubleshooting commands](<http://www.ibm.com/support/docview.wss?uid=swg21984900>) | 2018-05-01 | 1
[1883213](<http://www.ibm.com/support/docview.wss?uid=swg21883213>) | [Capturing network traffic on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21883213>) | 2017-10-30 | 2
[1903461](<http://www.ibm.com/support/docview.wss?uid=swg21903461>) | [Affected processes when restarting services from the CLI on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21903461>) | 2017-08-28 | 3
[7045931](<http://www.ibm.com/support/docview.wss?uid=swg27045931>) | [Open Mic Webcast: Making use of logs and captures on the XGS - Wednesday, 24 June 2015 [includes link to recording; presentation slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27045931>) | 2018-05-23 | 4
[1990297](<http://www.ibm.com/support/docview.wss?uid=swg21990297>) | [DPI reenabled after manually disabling it on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21990297>) | 2017-11-06 | 5
[1966577](<http://www.ibm.com/support/docview.wss?uid=swg21966577>) | ["Command failure" when checking interface status on Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21966577>) | 2017-04-14 | 6
[1970266](<http://www.ibm.com/support/docview.wss?uid=swg21970266>) | [System shutdown produces irq 16 error on XGS 7100 sensors](<http://www.ibm.com/support/docview.wss?uid=swg21970266>) | 2017-04-14 | 7

### Documentation

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1974231](<http://www.ibm.com/support/docview.wss?uid=swg21974231>) | [Security Bulletin: CBC mode ciphers, weak MD5 and MAC algorithms vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2008-5161)](<http://www.ibm.com/support/docview.wss?uid=swg21974231>) | 2018-02-15 | 1
[1986450](<http://www.ibm.com/support/docview.wss?uid=swg21986450>) | [IBM Security Network Protection firmware update 5.3.3 release notes](<http://www.ibm.com/support/docview.wss?uid=swg21986450>) | 2018-05-28 | 2
[1996724](<http://www.ibm.com/support/docview.wss?uid=swg21996724>) | [IBM Security Network Protection firmware update 5.3.3.2 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21996724>) | 2017-04-14 | 3
[1993418](<http://www.ibm.com/support/docview.wss?uid=swg21993418>) | [Stacking IBM Security Network Protection XGS Appliance 7100](<http://www.ibm.com/support/docview.wss?uid=swg21993418>) | 2017-07-12 | 4
[1984078](<http://www.ibm.com/support/docview.wss?uid=swg21984078>) | [IBM Security Network Protection firmware update 5.3.2.3 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21984078>) | 2017-05-10 | 5
[1687204](<http://www.ibm.com/support/docview.wss?uid=swg21687204>) | [IBM Security Network Protection 5.3 Web Services API](<http://www.ibm.com/support/docview.wss?uid=swg21687204>) | 2017-10-16 | 6
[1993057](<http://www.ibm.com/support/docview.wss?uid=swg21993057>) | [IBM Security Network Protection firmware update 5.3.3.1 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21993057>) | 2017-04-14 | 7
[1986529](<http://www.ibm.com/support/docview.wss?uid=swg21986529>) | [IBM Security Network Protection XGS Appliance Machine Code Updates for the firmware update 5.3.3.](<http://www.ibm.com/support/docview.wss?uid=swg21986529>) | 2018-05-27 | 8
[1968171](<http://www.ibm.com/support/docview.wss?uid=swg21968171>) | [IBM Security Network Protection firmware update 5.3.2 release notes](<http://www.ibm.com/support/docview.wss?uid=swg21968171>) | 2017-04-14 | 9
[1997036](<http://www.ibm.com/support/docview.wss?uid=swg21997036>) | [Optimizing packet processing for an IBM Security Network Protection XGS 7100 appliance with network interface module (NIM) bays partially populated](<http://www.ibm.com/support/docview.wss?uid=swg21997036>) | 2017-04-14 | 10
[1902372](<http://www.ibm.com/support/docview.wss?uid=swg21902372>) | [Using the Infrastructure Security support forum in dW Answers](<http://www.ibm.com/support/docview.wss?uid=swg21902372>) | 2018-05-01 | 11
\n[1996693](<http://www.ibm.com/support/docview.wss?uid=swg21996693>) | [Blocking HTTPS websites using domain category objects on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21996693>) | 2018-05-23 | 12 \n[1996771](<http://www.ibm.com/support/docview.wss?uid=swg21996771>) | [IBM Security Network Protection firmware update 5.3.2.6 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21996771>) | 2017-04-14 | 13 \n[1988993](<http://www.ibm.com/support/docview.wss?uid=swg21988993>) | [IBM Security Network Protection firmware update 5.3.2.4 Readme ](<http://www.ibm.com/support/docview.wss?uid=swg21988993>) | 2017-04-14 | 14 \n[1993417](<http://www.ibm.com/support/docview.wss?uid=swg21993417>) | [Configuring IBM Security Network Protection 5.3.3.1 to use flow data collector mode](<http://www.ibm.com/support/docview.wss?uid=swg21993417>) | 2017-04-14 | 15 \n[1694966](<http://www.ibm.com/support/docview.wss?uid=swg21694966>) | [IBM Security Network Protection 5.3.1 Web Services API](<http://www.ibm.com/support/docview.wss?uid=swg21694966>) | 2017-06-27 | 16 \n[1968449](<http://www.ibm.com/support/docview.wss?uid=swg21968449>) | [IBM Security Network Protection firmware update 5.3.1.5 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21968449>) | 2017-04-14 | 17 \n[1978185](<http://www.ibm.com/support/docview.wss?uid=swg21978185>) | [IBM Security Network Protection firmware update 5.3.2.2 Readme ](<http://www.ibm.com/support/docview.wss?uid=swg21978185>) | 2017-04-14 | 18 \n[1974242](<http://www.ibm.com/support/docview.wss?uid=swg21974242>) | [Security Bulletin: A vulnerability in the GSKit component of IBM Security Network Protection Why (CVE-2016-0201)](<http://www.ibm.com/support/docview.wss?uid=swg21974242>) | 2017-04-14 | 19 \n[1993327](<http://www.ibm.com/support/docview.wss?uid=swg21993327>) | [IBM Security Network Protection firmware update 5.3.2.5 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21993327>) | 
2017-04-14 | 20 \n[1971777](<http://www.ibm.com/support/docview.wss?uid=swg21971777>) | [Automated Service and Support on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21971777>) | 2017-04-14 | 21 \n[1986088](<http://www.ibm.com/support/docview.wss?uid=swg21986088>) | [Configuring Address objects for the Management Access Policy on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21986088>) | 2017-08-24 | 22 \n[1997651](<http://www.ibm.com/support/docview.wss?uid=swg21997651>) | [Configuring Remote Syslog over TLS for IBM Security Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21997651>) | 2018-01-08 | 23 \n[1688361](<http://www.ibm.com/support/docview.wss?uid=swg21688361>) | [Understanding the term User Overridden in regard to security event configurations on GX and XGS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21688361>) | 2018-05-01 | 24 \n[1971601](<http://www.ibm.com/support/docview.wss?uid=swg21971601>) | [IBM Security Network Protection firmware update 5.3.1.6 Readme ](<http://www.ibm.com/support/docview.wss?uid=swg21971601>) | 2017-10-17 | 25 \n[1974524](<http://www.ibm.com/support/docview.wss?uid=swg21974524>) | [IBM Security Network Protection firmware update 5.3.1.7 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21974524>) | 2017-04-14 | 26 \n[1975225](<http://www.ibm.com/support/docview.wss?uid=swg21975225>) | [Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21975225>) | 2017-04-14 | 27 \n[1989026](<http://www.ibm.com/support/docview.wss?uid=swg21989026>) | [IBM Security Network Protection firmware update 5.3.1.10 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21989026>) | 2017-04-14 | 28 \n[2003106](<http://www.ibm.com/support/docview.wss?uid=swg22003106>) | [Reduce link propagation duration on IBM QRadar Network Security (XGS) 
appliance](<http://www.ibm.com/support/docview.wss?uid=swg22003106>) | 2017-09-13 | 29 \n[1683071](<http://www.ibm.com/support/docview.wss?uid=swg21683071>) | [Security Network Protection Appliance (XGS) stuck in debug mode](<http://www.ibm.com/support/docview.wss?uid=swg21683071>) | 2018-05-01 | 30 \n[1977808](<http://www.ibm.com/support/docview.wss?uid=swg21977808>) | [IBM Security Network Protection 5.3.3 Web Services API](<http://www.ibm.com/support/docview.wss?uid=swg21977808>) | 2018-05-01 | 31 \n[1990337](<http://www.ibm.com/support/docview.wss?uid=swg21990337>) | [Using RESTful API to modify policies on the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21990337>) | 2017-04-14 | 32 \n[1993329](<http://www.ibm.com/support/docview.wss?uid=swg21993329>) | [IBM Security Network Protection firmware update 5.3.1.11 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21993329>) | 2017-04-14 | 33 \n[1966695](<http://www.ibm.com/support/docview.wss?uid=swg21966695>) | [Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Protection (CVE-2015-5621) ](<http://www.ibm.com/support/docview.wss?uid=swg21966695>) | 2017-04-14 | 34 \n[1966972](<http://www.ibm.com/support/docview.wss?uid=swg21966972>) | [Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21966972>) | 2017-04-14 | 35 \n[1977281](<http://www.ibm.com/support/docview.wss?uid=swg21977281>) | [Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-7547)](<http://www.ibm.com/support/docview.wss?uid=swg21977281>) | 2017-04-14 | 36 \n[1692722](<http://www.ibm.com/support/docview.wss?uid=swg21692722>) | [Requirement for managing the IBM Security Network Protection appliance in a NAT environment using the IBM Security SiteProtector system](<http://www.ibm.com/support/docview.wss?uid=swg21692722>) | 2017-04-14 | 37 
\n[1996773](<http://www.ibm.com/support/docview.wss?uid=swg21996773>) | [IBM Security Network Protection firmware update 5.3.1.12 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21996773>) | 2017-04-14 | 38 \n[2004898](<http://www.ibm.com/support/docview.wss?uid=swg22004898>) | [SNMP interface name association on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22004898>) | 2017-10-02 | 39 \n[1965877](<http://www.ibm.com/support/docview.wss?uid=swg21965877>) | [Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Protection (CVE-2014-3565) ](<http://www.ibm.com/support/docview.wss?uid=swg21965877>) | 2017-04-14 | 40 \n[1967057](<http://www.ibm.com/support/docview.wss?uid=swg21967057>) | [Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Security Network Protection (CVE-2015-3183, and CVE-2015-1283)](<http://www.ibm.com/support/docview.wss?uid=swg21967057>) | 2017-04-14 | 41 \n[1978181](<http://www.ibm.com/support/docview.wss?uid=swg21978181>) | [IBM Security Network Protection firmware update 5.3.1.8 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21978181>) | 2017-04-14 | 42 \n[1978438](<http://www.ibm.com/support/docview.wss?uid=swg21978438>) | [Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21978438>) | 2017-04-14 | 43 \n[1662537](<http://www.ibm.com/support/docview.wss?uid=swg21662537>) | [Fingerprint USB flash drives are unable to reimage an XGS appliance](<http://www.ibm.com/support/docview.wss?uid=swg21662537>) | 2017-04-14 | 44 \n[1665106](<http://www.ibm.com/support/docview.wss?uid=swg21665106>) | [5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0002 ](<http://www.ibm.com/support/docview.wss?uid=swg21665106>) | 2017-04-14 | 45 \n[1964539](<http://www.ibm.com/support/docview.wss?uid=swg21964539>) | [Security Bulletin: Vulnerabilities in libuser affect IBM Security Network Protection 
(CVE-2015-3245, CVE-2015-3246) ](<http://www.ibm.com/support/docview.wss?uid=swg21964539>) | 2017-04-14 | 46 \n[1966578](<http://www.ibm.com/support/docview.wss?uid=swg21966578>) | [Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405) ](<http://www.ibm.com/support/docview.wss?uid=swg21966578>) | 2017-04-14 | 47 \n[1967169](<http://www.ibm.com/support/docview.wss?uid=swg21967169>) | [Security Bulletin: A vulnerability in GNU glibc affects IBM Security Network Protection (CVE-2014-8121) ](<http://www.ibm.com/support/docview.wss?uid=swg21967169>) | 2017-04-14 | 48 \n[1969664](<http://www.ibm.com/support/docview.wss?uid=swg21969664>) | [Security Bulletin: A vulnerability in Libxml affects IBM Security Network Protection (CVE-2015-1819) ](<http://www.ibm.com/support/docview.wss?uid=swg21969664>) | 2017-04-14 | 49 \n[1972209](<http://www.ibm.com/support/docview.wss?uid=swg21972209>) | [Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345) ](<http://www.ibm.com/support/docview.wss?uid=swg21972209>) | 2017-04-14 | 50 \n[1972382](<http://www.ibm.com/support/docview.wss?uid=swg21972382>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21972382>) | 2017-04-14 | 51 \n[1974423](<http://www.ibm.com/support/docview.wss?uid=swg21974423>) | [5.3.1.6-ISS-XGS-All-Models-Hotfix-IF0001](<http://www.ibm.com/support/docview.wss?uid=swg21974423>) | 2017-12-11 | 52 \n[1974550](<http://www.ibm.com/support/docview.wss?uid=swg21974550>) | [Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Protection (CVE-2015-3194, CVE-2015-3195, and CVE-2015-3196) ](<http://www.ibm.com/support/docview.wss?uid=swg21974550>) | 2017-04-14 | 53 \n[1974989](<http://www.ibm.com/support/docview.wss?uid=swg21974989>) | [Security Bulletin: 
A vulnerability in SQLite affects IBM Security Network Protection (CVE-2015-3416) ](<http://www.ibm.com/support/docview.wss?uid=swg21974989>) | 2017-04-14 | 54 \n[1975835](<http://www.ibm.com/support/docview.wss?uid=swg21975835>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21975835>) | 2017-04-14 | 55 \n[1979393](<http://www.ibm.com/support/docview.wss?uid=swg21979393>) | [Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-5300, CVE-2015-7704, and CVE-2015-8138)](<http://www.ibm.com/support/docview.wss?uid=swg21979393>) | 2017-04-14 | 56 \n[1984069](<http://www.ibm.com/support/docview.wss?uid=swg21984069>) | [IBM Security Network Protection firmware update 5.3.1.9 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21984069>) | 2017-05-09 | 57 \n[1993419](<http://www.ibm.com/support/docview.wss?uid=swg21993419>) | [Configuring logon session limit for IBM Security Network Protection 5.3.3.1](<http://www.ibm.com/support/docview.wss?uid=swg21993419>) | 2017-04-14 | 58 \n \n\\+ Firmware\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1688434](<http://www.ibm.com/support/docview.wss?uid=swg21688434>) | [Generating a support file on the IBM Security Network Protection appliance (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21688434>) | 2017-04-14 | 1 \n[1883739](<http://www.ibm.com/support/docview.wss?uid=swg21883739>) | [SNMP OID list for IBM Security Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21883739>) | 2018-05-01 | 2 \n[1685000](<http://www.ibm.com/support/docview.wss?uid=swg21685000>) | [IBM Security Network Protection (XGS) appliance reimage instructions using the USB device](<http://www.ibm.com/support/docview.wss?uid=swg21685000>) | 2017-04-14 | 3 \n[2010780](<http://www.ibm.com/support/docview.wss?uid=swg22010780>) | [IBM QRadar Network Security 
firmware update 5.4.0.3 readme](<http://www.ibm.com/support/docview.wss?uid=swg22010780>) | 2017-12-13 | 4 \n[2007210](<http://www.ibm.com/support/docview.wss?uid=swg22007210>) | [IBM QRadar Network Security firmware update 5.4.0.2 readme](<http://www.ibm.com/support/docview.wss?uid=swg22007210>) | 2017-12-05 | 5 \n[1959896](<http://www.ibm.com/support/docview.wss?uid=swg21959896>) | [Migrate policies before running Security Network Protection firmware updates](<http://www.ibm.com/support/docview.wss?uid=swg21959896>) | 2018-01-29 | 6 \n[2002664](<http://www.ibm.com/support/docview.wss?uid=swg22002664>) | [IBM QRadar Network Security firmware update 5.4.0.1 readme](<http://www.ibm.com/support/docview.wss?uid=swg22002664>) | 2017-12-05 | 7 \n[2010783](<http://www.ibm.com/support/docview.wss?uid=swg22010783>) | [IBM Security Network Protection firmware update 5.3.3.5 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22010783>) | 2017-12-13 | 8 \n[2002662](<http://www.ibm.com/support/docview.wss?uid=swg22002662>) | [IBM Security Network Protection firmware update 5.3.3.3 Readme ](<http://www.ibm.com/support/docview.wss?uid=swg22002662>) | 2017-06-19 | 9 \n[2007211](<http://www.ibm.com/support/docview.wss?uid=swg22007211>) | [IBM Security Network Protection firmware update 5.3.3.4 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22007211>) | 2017-09-28 | 10 \n[1681609](<http://www.ibm.com/support/docview.wss?uid=swg21681609>) | [Mapping SiteProtector IBM QRadar Network Security IQNS (XGS) policy names to local appliance XML files](<http://www.ibm.com/support/docview.wss?uid=swg21681609>) | 2018-05-01 | 11 \n[2010784](<http://www.ibm.com/support/docview.wss?uid=swg22010784>) | [IBM Security Network Protection firmware update 5.3.1.15 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22010784>) | 2017-12-13 | 12 \n[1691157](<http://www.ibm.com/support/docview.wss?uid=swg21691157>) | [Security Network protection (XGS) Shared Object policies that are 
replaced after upgrade DBSP 3.1.1.2 and 3.1.1.3](<http://www.ibm.com/support/docview.wss?uid=swg21691157>) | 2018-05-01 | 13 \n[1964460](<http://www.ibm.com/support/docview.wss?uid=swg21964460>) | [IBM Security Network Protection Firmware Version 5.3.1.3 Release Notes](<http://www.ibm.com/support/docview.wss?uid=swg21964460>) | 2017-08-24 | 14 \n[1961419](<http://www.ibm.com/support/docview.wss?uid=swg21961419>) | [IBM Security Network Protection Firmware Version 5.3.1.2 Release Notes](<http://www.ibm.com/support/docview.wss?uid=swg21961419>) | 2017-10-16 | 15 \n[1990406](<http://www.ibm.com/support/docview.wss?uid=swg21990406>) | [Upgrade to IBM Security Network Protection (XGS) Firmware version 5.3.3 fails and causes the appliance un-configured.](<http://www.ibm.com/support/docview.wss?uid=swg21990406>) | 2017-04-14 | 16 \n[2007212](<http://www.ibm.com/support/docview.wss?uid=swg22007212>) | [IBM Security Network Protection firmware update 5.3.1.14 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22007212>) | 2017-09-28 | 17 \n[1902801](<http://www.ibm.com/support/docview.wss?uid=swg21902801>) | [IBM Infrastructure Security versioning information](<http://www.ibm.com/support/docview.wss?uid=swg21902801>) | 2017-08-24 | 18 \n[1961660](<http://www.ibm.com/support/docview.wss?uid=swg21961660>) | [Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Protection (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636 ) ](<http://www.ibm.com/support/docview.wss?uid=swg21961660>) | 2018-02-15 | 19 \n[7047165](<http://www.ibm.com/support/docview.wss?uid=swg27047165>) | [Open Mic Webcast: What is new in the XGS v5.3.2 firmware release? 
- 9 December 2015 [includes link to replay] [presentation is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27047165>) | 2017-04-15 | 20 \n[1691283](<http://www.ibm.com/support/docview.wss?uid=swg21691283>) | [Missing SiteProtector Management page after updating to 5.3 firmware](<http://www.ibm.com/support/docview.wss?uid=swg21691283>) | 2018-05-01 | 21 \n[1961670](<http://www.ibm.com/support/docview.wss?uid=swg21961670>) | [Security Bulletin: Vulnerabilities in Kerberos (krb5) affect IBM Security Network Protection (CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, and CVE-2014-9422) ](<http://www.ibm.com/support/docview.wss?uid=swg21961670>) | 2018-02-15 | 22 \n[7048510](<http://www.ibm.com/support/docview.wss?uid=swg27048510>) | [Open Mic Webcast: About the XGS 5.3.3 firmware release - 25 August 2016 [includes link to replay] [presentation is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27048510>) | 2017-04-15 | 23 \n[1957677](<http://www.ibm.com/support/docview.wss?uid=swg21957677>) | [Upgrading multiple firmware versions at one time on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21957677>) | 2017-08-09 | 24 \n[1959774](<http://www.ibm.com/support/docview.wss?uid=swg21959774>) | [IBM Security Network Protection Firmware Version 5.3.1.1 Release Notes](<http://www.ibm.com/support/docview.wss?uid=swg21959774>) | 2018-05-01 | 25 \n[1961454](<http://www.ibm.com/support/docview.wss?uid=swg21961454>) | [Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21961454>) | 2018-02-15 | 26 \n[1965761](<http://www.ibm.com/support/docview.wss?uid=swg21965761>) | [Network Protection Firmware Version 5.3.1.4 Readme](<http://www.ibm.com/support/docview.wss?uid=swg21965761>) | 2017-08-24 | 27 \n[1989974](<http://www.ibm.com/support/docview.wss?uid=swg21989974>) | [Unconfigured state after upgrading from 5.2 or 5.3.0.x 
to 5.3.3 on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21989974>) | 2017-10-02 | 28 \n[2002663](<http://www.ibm.com/support/docview.wss?uid=swg22002663>) | [IBM Security Network Protection firmware update 5.3.1.13 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22002663>) | 2017-06-19 | 29 \n[2014163](<http://www.ibm.com/support/docview.wss?uid=swg22014163>) | [IBM Security Network Protection firmware update 5.3.1.16 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22014163>) | 2018-05-01 | 30 \n[2014164](<http://www.ibm.com/support/docview.wss?uid=swg22014164>) | [IBM Security Network Protection firmware update 5.3.3.6 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22014164>) | 2018-05-01 | 31 \n[2014165](<http://www.ibm.com/support/docview.wss?uid=swg22014165>) | [IBM QRadar Network Security firmware update 5.4.0.4 readme](<http://www.ibm.com/support/docview.wss?uid=swg22014165>) | 2018-05-01 | 32 \n[2015856](<http://www.ibm.com/support/docview.wss?uid=swg22015856>) | [End of support (EOS) announcement: IBM Security Network Protection (XGS) firmware versions 5.3.1 and 5.3.3](<http://www.ibm.com/support/docview.wss?uid=swg22015856>) | 2018-05-13 | 33 \n \n\\+ Fix Packs\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1696498](<http://www.ibm.com/support/docview.wss?uid=swg21696498>) | [5.3.0.4-ISS-XGS-All-Models-Hotfix-FP0001](<http://www.ibm.com/support/docview.wss?uid=swg21696498>) | 2017-04-14 | 1 \n \n\\+ General Information\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1644709](<http://www.ibm.com/support/docview.wss?uid=swg21644709>) | [IBM Security Network Protection XGS Appliance Support Lifecycle](<http://www.ibm.com/support/docview.wss?uid=swg21644709>) | 2018-05-15 | 1 \n[1993939](<http://www.ibm.com/support/docview.wss?uid=swg21993939>) | [IBM Qradar Network Security (IQNS) is Unhealthy in SiteProtector, with health check message: \"Management 
Certificate Authorities Status\"](<http://www.ibm.com/support/docview.wss?uid=swg21993939>) | 2018-05-01 | 2 \n[1994106](<http://www.ibm.com/support/docview.wss?uid=swg21994106>) | [Error: \"BUG: soft lockup - CPU#1 stuck for 67s!\" on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21994106>) | 2018-05-23 | 3 \n[1662575](<http://www.ibm.com/support/docview.wss?uid=swg21662575>) | [Configuring the IBM Security Network Protection (XGS) remote syslog to send events to QRadar SIEM](<http://www.ibm.com/support/docview.wss?uid=swg21662575>) | 2017-04-14 | 4 \n[1970829](<http://www.ibm.com/support/docview.wss?uid=swg21970829>) | [Call home server IP addresses for automated Service and Support requests](<http://www.ibm.com/support/docview.wss?uid=swg21970829>) | 2017-10-06 | 5 \n[7050516](<http://www.ibm.com/support/docview.wss?uid=swg27050516>) | [Open Mic Webcast: Frequently asked How-to questions for XGS - Thursday, 7 December 2017 (Includes link to replay; presentation is attached)](<http://www.ibm.com/support/docview.wss?uid=swg27050516>) | 2017-12-14 | 6 \n[1683796](<http://www.ibm.com/support/docview.wss?uid=swg21683796>) | [Configuring the management IP on the QRadar Network Security (XGS) appliance via serial console](<http://www.ibm.com/support/docview.wss?uid=swg21683796>) | 2018-05-01 | 7 \n[1639239](<http://www.ibm.com/support/docview.wss?uid=swg21639239>) | [ISS.mib file download](<http://www.ibm.com/support/docview.wss?uid=swg21639239>) | 2017-08-24 | 8 \n[1980543](<http://www.ibm.com/support/docview.wss?uid=swg21980543>) | [Checking the health of Security Network Protection and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21980543>) | 2018-05-29 | 9 \n[1969670](<http://www.ibm.com/support/docview.wss?uid=swg21969670>) | [Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Protection (CVE-2015-5600) ](<http://www.ibm.com/support/docview.wss?uid=swg21969670>) | 2017-04-14 | 10 
\n[1608008](<http://www.ibm.com/support/docview.wss?uid=swg21608008>) | [IBM Security Network Protection XGS 5000 Appliance Support Lifecycle](<http://www.ibm.com/support/docview.wss?uid=swg21608008>) | 2018-05-01 | 11 \n[1983893](<http://www.ibm.com/support/docview.wss?uid=swg21983893>) | [XFF header configuration on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21983893>) | 2018-06-01 | 12 \n[1690064](<http://www.ibm.com/support/docview.wss?uid=swg21690064>) | [The Security Network Protection appliance Certificate Authority expires soon](<http://www.ibm.com/support/docview.wss?uid=swg21690064>) | 2018-05-01 | 13 \n[1687475](<http://www.ibm.com/support/docview.wss?uid=swg21687475>) | [Some XGS events are being allowed after setting the Block response](<http://www.ibm.com/support/docview.wss?uid=swg21687475>) | 2017-09-04 | 14 \n[1972163](<http://www.ibm.com/support/docview.wss?uid=swg21972163>) | [Security Network Protection (XGS) is in Offline status but events are seen in the SiteProtector Console](<http://www.ibm.com/support/docview.wss?uid=swg21972163>) | 2017-04-14 | 15 \n[1715537](<http://www.ibm.com/support/docview.wss?uid=swg21715537>) | [Known issues for IBM Security Network Protection version 5.3.1](<http://www.ibm.com/support/docview.wss?uid=swg21715537>) | 2018-05-04 | 16 \n[1667625](<http://www.ibm.com/support/docview.wss?uid=swg21667625>) | [Packet flow through the Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21667625>) | 2018-05-01 | 17 \n[1973893](<http://www.ibm.com/support/docview.wss?uid=swg21973893>) | [Resolving \"certificate is invalid\" errors between SiteProtector and Security Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21973893>) | 2017-04-14 | 18 \n[1981483](<http://www.ibm.com/support/docview.wss?uid=swg21981483>) | [Resetting admin account credentials on QRadar Network Security 
sensors](<http://www.ibm.com/support/docview.wss?uid=swg21981483>) | 2017-08-02 | 19 \n[1972077](<http://www.ibm.com/support/docview.wss?uid=swg21972077>) | [Registering a Security Network Protection appliance to SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21972077>) | 2017-04-14 | 20 \n[1980541](<http://www.ibm.com/support/docview.wss?uid=swg21980541>) | [Create alerts based on specific Security Network Protection (XGS) system alerts](<http://www.ibm.com/support/docview.wss?uid=swg21980541>) | 2017-04-14 | 21 \n[1981030](<http://www.ibm.com/support/docview.wss?uid=swg21981030>) | [OpenSignature setup and rule creation for IBM Security Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21981030>) | 2017-04-14 | 22 \n[2001013](<http://www.ibm.com/support/docview.wss?uid=swg22001013>) | [How to verify if FIPS mode is enabled on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22001013>) | 2018-05-01 | 23 \n[1983883](<http://www.ibm.com/support/docview.wss?uid=swg21983883>) | [Changing the hostname and agent name of a Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21983883>) | 2017-08-09 | 24 \n[7046863](<http://www.ibm.com/support/docview.wss?uid=swg27046863>) | [Open Mic Webcast: XGS High Availability and Bypass - 28 October 2015 [presentation is attached; includes link to replay]](<http://www.ibm.com/support/docview.wss?uid=swg27046863>) | 2017-04-15 | 25 \n[1968313](<http://www.ibm.com/support/docview.wss?uid=swg21968313>) | [Unable to open or edit Security Network Protection (XGS) policies from SiteProtector Console.](<http://www.ibm.com/support/docview.wss?uid=swg21968313>) | 2017-09-04 | 26 \n[7046480](<http://www.ibm.com/support/docview.wss?uid=swg27046480>) | [Open Mic Webcast: Configuring OpenSignature (SNORT) on XGS - 23 September 2015 [presentation slides are attached; includes link to replay]](<http://www.ibm.com/support/docview.wss?uid=swg27046480>) | 
2017-04-15 | 27
[1695933](<http://www.ibm.com/support/docview.wss?uid=swg21695933>) | [Determining the hostname, MAC, and IP address of a QRadar Network Security appliance from a support file](<http://www.ibm.com/support/docview.wss?uid=swg21695933>) | 2018-05-23 | 28
[1982555](<http://www.ibm.com/support/docview.wss?uid=swg21982555>) | [Network Time Policy (NTP) cannot be modified](<http://www.ibm.com/support/docview.wss?uid=swg21982555>) | 2018-05-01 | 29
[1995795](<http://www.ibm.com/support/docview.wss?uid=swg21995795>) | [Replacing the self-signed certificate on Security Network Protection appliances](<http://www.ibm.com/support/docview.wss?uid=swg21995795>) | 2018-03-05 | 30
[1974447](<http://www.ibm.com/support/docview.wss?uid=swg21974447>) | [Exporting a previous policy version for QRadar Network Security in SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21974447>) | 2018-02-25 | 31
[1981482](<http://www.ibm.com/support/docview.wss?uid=swg21981482>) | [Hardening the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21981482>) | 2018-05-21 | 32
[2008040](<http://www.ibm.com/support/docview.wss?uid=swg22008040>) | [Support for defanged IP addresses and URLs on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22008040>) | 2017-09-13 | 33
[2003988](<http://www.ibm.com/support/docview.wss?uid=swg22003988>) | [Troubleshooting and tuning the Malware Analysis feature in QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22003988>) | 2018-05-28 | 34
[2011003](<http://www.ibm.com/support/docview.wss?uid=swg22011003>) | [Verifying that NTP is working on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22011003>) | 2018-05-01 | 35
[1984940](<http://www.ibm.com/support/docview.wss?uid=swg21984940>) | [The number of concurrent sessions of IBM Security Network Protection differs from that on the data sheet.](<http://www.ibm.com/support/docview.wss?uid=swg21984940>) | 2017-05-24 | 36
[2010544](<http://www.ibm.com/support/docview.wss?uid=swg22010544>) | [Error: "anyAddress: required field is null" when saving a Host Address object for QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22010544>) | 2017-12-13 | 37
[1970499](<http://www.ibm.com/support/docview.wss?uid=swg21970499>) | [QRadar Network Security is Unhealthy in SiteProtector due to disconnected monitoring interfaces](<http://www.ibm.com/support/docview.wss?uid=swg21970499>) | 2017-09-26 | 38
[1977762](<http://www.ibm.com/support/docview.wss?uid=swg21977762>) | [Inspecting IPv6 traffic that uses the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21977762>) | 2018-05-01 | 39
[2002825](<http://www.ibm.com/support/docview.wss?uid=swg22002825>) | [Troubleshooting email responses not working on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22002825>) | 2018-05-01 | 40
[7049119](<http://www.ibm.com/support/docview.wss?uid=swg27049119>) | [Open Mic Webcast: XGS version 5.3.3.1 - Wednesday, December 14, 2016 (Includes link to replay and corrected slide deck)](<http://www.ibm.com/support/docview.wss?uid=swg27049119>) | 2017-04-15 | 41
[1959895](<http://www.ibm.com/support/docview.wss?uid=swg21959895>) | [Locating CVE-related bulletins for your Infrastructure Security product](<http://www.ibm.com/support/docview.wss?uid=swg21959895>) | 2017-08-24 | 42
[1994079](<http://www.ibm.com/support/docview.wss?uid=swg21994079>) | [ISNP/IQNS (XGS) Open Mic Presentation Index](<http://www.ibm.com/support/docview.wss?uid=swg21994079>) | 2017-06-05 | 43
[7048201](<http://www.ibm.com/support/docview.wss?uid=swg27048201>) | [Open Mic Webcast: A new vulnerability has been discovered - How do I protect my network using IBM Network Security Protection? Thursday, 30 June 2016 [Includes link to replay. Presentation is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27048201>) | 2017-04-15 | 44
[1688889](<http://www.ibm.com/support/docview.wss?uid=swg21688889>) | [XGS reports an event matching a non-existent rule in the Network Access Policy](<http://www.ibm.com/support/docview.wss?uid=swg21688889>) | 2017-08-04 | 45
[1690336](<http://www.ibm.com/support/docview.wss?uid=swg21690336>) | [Migrate XGS policies before running 5.3 firmware update](<http://www.ibm.com/support/docview.wss?uid=swg21690336>) | 2017-09-04 | 46
[1967068](<http://www.ibm.com/support/docview.wss?uid=swg21967068>) | ["Verifying checksums..." displayed on the LCD of the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21967068>) | 2017-10-17 | 47
[1996658](<http://www.ibm.com/support/docview.wss?uid=swg21996658>) | [IBM Security Network Protection (XGS) generated support file has 0 Kb file size](<http://www.ibm.com/support/docview.wss?uid=swg21996658>) | 2018-05-01 | 48
[7048226](<http://www.ibm.com/support/docview.wss?uid=swg27048226>) | [IBM Support Open Mic Replay: Ask the InfraStructure Security Experts - 27 July 2016 [OpenSignature presentation is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27048226>) | 2017-04-15 | 49
[1645456](<http://www.ibm.com/support/docview.wss?uid=swg21645456>) | [Must exclude protection interface IP address from proxy configuration for IBM Security Network Protection appliances placed between users and proxy servers](<http://www.ibm.com/support/docview.wss?uid=swg21645456>) | 2017-04-14 | 50
[1685118](<http://www.ibm.com/support/docview.wss?uid=swg21685118>) | [Issues with Firefox version 31.x and 32.x and outbound SSL inspection using the IBM Security Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg21685118>) | 2017-08-29 | 51
[1697063](<http://www.ibm.com/support/docview.wss?uid=swg21697063>) | [Fixes included in 5.3.0.4-ISS-XGS-All-Models-Hotfix-FP0002](<http://www.ibm.com/support/docview.wss?uid=swg21697063>) | 2017-04-14 | 52
[1701033](<http://www.ibm.com/support/docview.wss?uid=swg21701033>) | [SNMP traffic lists protection interface address as source IP address](<http://www.ibm.com/support/docview.wss?uid=swg21701033>) | 2017-04-14 | 53
[1884020](<http://www.ibm.com/support/docview.wss?uid=swg21884020>) | [SiteProtector System does not display correct IP address for Network Security appliance in NAT environment](<http://www.ibm.com/support/docview.wss?uid=swg21884020>) | 2017-04-14 | 54
[1993269](<http://www.ibm.com/support/docview.wss?uid=swg21993269>) | [Firewall rules necessary to ensure X-Force Exchange site access](<http://www.ibm.com/support/docview.wss?uid=swg21993269>) | 2017-04-14 | 55
[1993349](<http://www.ibm.com/support/docview.wss?uid=swg21993349>) | [Impact of the 2016-12-31 leap second IBM Security Infrastructure products](<http://www.ibm.com/support/docview.wss?uid=swg21993349>) | 2018-05-23 | 56
[2002060](<http://www.ibm.com/support/docview.wss?uid=swg22002060>) | [ISNP/IQNS (XGS) YouTube Video Index](<http://www.ibm.com/support/docview.wss?uid=swg22002060>) | 2017-07-05 | 57
[7046993](<http://www.ibm.com/support/docview.wss?uid=swg27046993>) | [Open Mic Webcast: So I just deployed the IBM Security Network Protection Appliance - what do I do next? 18 November 2015 [Includes link to replay] [Slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27046993>) | 2017-06-05 | 58
[1599354](<http://www.ibm.com/support/docview.wss?uid=swg21599354>) | [Security Systems My Notifications subscription instructions](<http://www.ibm.com/support/docview.wss?uid=swg21599354>) | 2017-04-14 | 59
[1655377](<http://www.ibm.com/support/docview.wss?uid=swg21655377>) | [Security Bulletin: Security Network Protection is affected by a cross-site scripting vulnerability (CVE-2013-5442)](<http://www.ibm.com/support/docview.wss?uid=swg21655377>) | 2018-02-15 | 60
[1667602](<http://www.ibm.com/support/docview.wss?uid=swg21667602>) | [Encryption used by the Network Protection (XGS) when communicating with ibmxpu.flexnetoperations.com](<http://www.ibm.com/support/docview.wss?uid=swg21667602>) | 2018-05-01 | 61
[1688002](<http://www.ibm.com/support/docview.wss?uid=swg21688002>) | [Known Issues for IBM Security Network Protection Firmware Version 5.3](<http://www.ibm.com/support/docview.wss?uid=swg21688002>) | 2017-04-14 | 62
[1692094](<http://www.ibm.com/support/docview.wss?uid=swg21692094>) | [Network Protection policies are missing from SiteProtector after upgrading firmware to 5.3 or 5.3.0.1](<http://www.ibm.com/support/docview.wss?uid=swg21692094>) | 2018-05-01 | 63
[1697667](<http://www.ibm.com/support/docview.wss?uid=swg21697667>) | [5.3.0.1-ISS-XGS-All-Models-Hotfix-FP0001](<http://www.ibm.com/support/docview.wss?uid=swg21697667>) | 2017-04-14 | 64
[1963637](<http://www.ibm.com/support/docview.wss?uid=swg21963637>) | [Disabling QRadar Network Security event posting to SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21963637>) | 2017-09-26 | 65
[1966075](<http://www.ibm.com/support/docview.wss?uid=swg21966075>) | [Severity-based event responses on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21966075>) | 2017-09-11 | 66
[1969771](<http://www.ibm.com/support/docview.wss?uid=swg21969771>) | [Security Bulletin: A vulnerability in Pluggable Authentication Modules (PAM) affects IBM Security Network Protection (CVE-2015-3238)](<http://www.ibm.com/support/docview.wss?uid=swg21969771>) | 2017-04-14 | 67
[1980537](<http://www.ibm.com/support/docview.wss?uid=swg21980537>) | [Disabling TCP timestamps on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21980537>) | 2018-05-28 | 68
[1984726](<http://www.ibm.com/support/docview.wss?uid=swg21984726>) | [Security Network Protection (XGS) appliances send packets out of order](<http://www.ibm.com/support/docview.wss?uid=swg21984726>) | 2018-05-01 | 69
[1988858](<http://www.ibm.com/support/docview.wss?uid=swg21988858>) | [Determine whether the XGS 5100 requires a 5.3.2.3 LCD Hotfix](<http://www.ibm.com/support/docview.wss?uid=swg21988858>) | 2017-08-24 | 70
[7048767](<http://www.ibm.com/support/docview.wss?uid=swg27048767>) | [Open Mic replay: Basic Troubleshooting of XGS - 22 September 2016](<http://www.ibm.com/support/docview.wss?uid=swg27048767>) | 2017-04-15 | 71
[1643250](<http://www.ibm.com/support/docview.wss?uid=swg21643250>) | [IBM Security Systems Infrastructure product aliases](<http://www.ibm.com/support/docview.wss?uid=swg21643250>) | 2017-09-04 | 72
[1665279](<http://www.ibm.com/support/docview.wss?uid=swg21665279>) | [Security Bulletin: IBM Security Network Protection System can be affected by vulnerabilities in Ruby on Rails and the Ruby language (CVE-2013-4492, CVE-2013-4164)](<http://www.ibm.com/support/docview.wss?uid=swg21665279>) | 2018-02-15 | 73
[1686343](<http://www.ibm.com/support/docview.wss?uid=swg21686343>) | [Confirm user name and reset password for the Logon-event Scanner](<http://www.ibm.com/support/docview.wss?uid=swg21686343>) | 2018-05-01 | 74
[1689782](<http://www.ibm.com/support/docview.wss?uid=swg21689782>) | [System Error Top 10 Applications: Unable to retrieve the data requested](<http://www.ibm.com/support/docview.wss?uid=swg21689782>) | 2017-04-14 | 75
[1987547](<http://www.ibm.com/support/docview.wss?uid=swg21987547>) | [Where can a customer obtain information about new network attacks?](<http://www.ibm.com/support/docview.wss?uid=swg21987547>) | 2017-07-08 | 76
[1987984](<http://www.ibm.com/support/docview.wss?uid=swg21987984>) | [System Event code list for IBM Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21987984>) | 2018-06-03 | 77
[1988153](<http://www.ibm.com/support/docview.wss?uid=swg21988153>) | [Obtaining information about protection against new network attacks](<http://www.ibm.com/support/docview.wss?uid=swg21988153>) | 2017-09-18 | 78
[2011432](<http://www.ibm.com/support/docview.wss?uid=swg22011432>) | [FNXUD0002I system events in Monitoring mode on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22011432>) | 2018-02-19 | 79

\+ Hardware

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1680286](<http://www.ibm.com/support/docview.wss?uid=swg21680286>) | [IBM QRadar Network Security IQNS (XGS) 3100/4100/5100/7100 hardware comparison and NIM configurations](<http://www.ibm.com/support/docview.wss?uid=swg21680286>) | 2018-05-01 | 1
[1455876](<http://www.ibm.com/support/docview.wss?uid=swg21455876>) | [Obtaining the serial number and model number from an IBM Security or Proventia appliance](<http://www.ibm.com/support/docview.wss?uid=swg21455876>) | 2018-01-01 | 2
[1684986](<http://www.ibm.com/support/docview.wss?uid=swg21684986>) | [Running Platform Hardware Diagnostics utility on the Security Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg21684986>) | 2018-05-01 | 3
[1691051](<http://www.ibm.com/support/docview.wss?uid=swg21691051>) | [IBM QRadar Network Security IQNS (XGS) appliance High Availability (HA) cabling guide](<http://www.ibm.com/support/docview.wss?uid=swg21691051>) | 2018-05-01 | 4
[1697576](<http://www.ibm.com/support/docview.wss?uid=swg21697576>) | [IBM Security RMA form](<http://www.ibm.com/support/docview.wss?uid=swg21697576>) | 2018-05-01 | 5
[1962052](<http://www.ibm.com/support/docview.wss?uid=swg21962052>) | [Customer Replaceable Unit (CRU) parts for IBM Infrastructure Security products](<http://www.ibm.com/support/docview.wss?uid=swg21962052>) | 2017-04-14 | 6
[1959769](<http://www.ibm.com/support/docview.wss?uid=swg21959769>) | [LED status indicators on the IBM Security Network Protection (XGS) and IBM Security Network Intrusion Prevention System (GX) appliances](<http://www.ibm.com/support/docview.wss?uid=swg21959769>) | 2018-05-01 | 7
[1959487](<http://www.ibm.com/support/docview.wss?uid=swg21959487>) | [Locating the serial number on IBM Security Network Protection (XGS) appliances](<http://www.ibm.com/support/docview.wss?uid=swg21959487>) | 2018-05-01 | 8
[1984376](<http://www.ibm.com/support/docview.wss?uid=swg21984376>) | [The Security Network Protection XGS 5100 10G NIMs are not recognized](<http://www.ibm.com/support/docview.wss?uid=swg21984376>) | 2017-08-28 | 9
[1964988](<http://www.ibm.com/support/docview.wss?uid=swg21964988>) | [Configuring management interface link speed and duplex settings for QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21964988>) | 2017-09-04 | 10
[1980532](<http://www.ibm.com/support/docview.wss?uid=swg21980532>) | [IBM Security Network Protection (XGS) 7100 requires Network Interface Modules (NIM) with firmware 1.6.0 or higher](<http://www.ibm.com/support/docview.wss?uid=swg21980532>) | 2017-04-14 | 11
[2004899](<http://www.ibm.com/support/docview.wss?uid=swg22004899>) | [Hardware health check interval on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22004899>) | 2017-11-10 | 12
[1977921](<http://www.ibm.com/support/docview.wss?uid=swg21977921>) | [Speed and duplex settings are grayed out when using a 10G NIM module on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21977921>) | 2018-05-06 | 13
[2004680](<http://www.ibm.com/support/docview.wss?uid=swg22004680>) | [Manufacturing information for IBM Security hardware](<http://www.ibm.com/support/docview.wss?uid=swg22004680>) | 2018-05-21 | 14
[1883752](<http://www.ibm.com/support/docview.wss?uid=swg21883752>) | [Fiber optic cable types that can be used with the Security Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg21883752>) | 2017-04-14 | 15
[1903077](<http://www.ibm.com/support/docview.wss?uid=swg21903077>) | [Log information indicating A/C power reset is needed on IQNS](<http://www.ibm.com/support/docview.wss?uid=swg21903077>) | 2018-05-01 | 16
[1987913](<http://www.ibm.com/support/docview.wss?uid=swg21987913>) | [Link down to the network switch after restarting IBM Security Network Protection XGS 7100](<http://www.ibm.com/support/docview.wss?uid=swg21987913>) | 2017-04-14 | 17
[2001134](<http://www.ibm.com/support/docview.wss?uid=swg22001134>) | [Securely wipe a QRadar Network Security appliance](<http://www.ibm.com/support/docview.wss?uid=swg22001134>) | 2018-05-06 | 18
[1977445](<http://www.ibm.com/support/docview.wss?uid=swg21977445>) | [QRadar Network Security support for USB 3.0](<http://www.ibm.com/support/docview.wss?uid=swg21977445>) | 2018-05-01 | 19

\+ Identity

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1667633](<http://www.ibm.com/support/docview.wss?uid=swg21667633>) | [Policy differences between the Security Network IPS and Security Network Protection System](<http://www.ibm.com/support/docview.wss?uid=swg21667633>) | 2018-05-01 | 1
[1980526](<http://www.ibm.com/support/docview.wss?uid=swg21980526>) | [Error: "side-by-side configuration is incorrect" when starting Security Logon Event Scanner](<http://www.ibm.com/support/docview.wss?uid=swg21980526>) | 2017-06-10 | 2
[1593164](<http://www.ibm.com/support/docview.wss?uid=swg21593164>) | [Downloading the Security Logon-event Scanner software](<http://www.ibm.com/support/docview.wss?uid=swg21593164>) | 2017-06-10 | 3
[1981955](<http://www.ibm.com/support/docview.wss?uid=swg21981955>) | [Common issues when configuring Passive Authentication and the Logon-event Scanner for the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21981955>) | 2017-04-23 | 4
[1980531](<http://www.ibm.com/support/docview.wss?uid=swg21980531>) | [Security Network Protection Passive Authentication is logging events from authenticated users as "unauthenticated user"](<http://www.ibm.com/support/docview.wss?uid=swg21980531>) | 2017-08-02 | 5
[1990089](<http://www.ibm.com/support/docview.wss?uid=swg21990089>) | [Installing Logon-event Scanner version 7.0](<http://www.ibm.com/support/docview.wss?uid=swg21990089>) | 2017-05-24 | 6
[1667487](<http://www.ibm.com/support/docview.wss?uid=swg21667487>) | [Authentication portal session timeout information for the Security Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg21667487>) | 2018-05-01 | 7
[1698729](<http://www.ibm.com/support/docview.wss?uid=swg21698729>) | [Error when adding Remote Identity Objects on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21698729>) | 2017-04-14 | 8
[1990094](<http://www.ibm.com/support/docview.wss?uid=swg21990094>) | [No active sessions in Security Network Protection (XGS) after installing Logon-event Scanner version 7.0](<http://www.ibm.com/support/docview.wss?uid=swg21990094>) | 2017-07-12 | 9
[2004901](<http://www.ibm.com/support/docview.wss?uid=swg22004901>) | [Active Directory authentication fails on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22004901>) | 2017-12-13 | 10
[1695029](<http://www.ibm.com/support/docview.wss?uid=swg21695029>) | [Configuring protection interfaces for the Captive Authentication portal](<http://www.ibm.com/support/docview.wss?uid=swg21695029>) | 2018-05-01 | 11
[1672960](<http://www.ibm.com/support/docview.wss?uid=swg21672960>) | [Error when trying to add Remote Identity objects on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21672960>) | 2017-09-26 | 12
[1696727](<http://www.ibm.com/support/docview.wss?uid=swg21696727>) | [Logon-event Scanner service stops on the Active Directory server](<http://www.ibm.com/support/docview.wss?uid=swg21696727>) | 2018-05-01 | 13
[1990090](<http://www.ibm.com/support/docview.wss?uid=swg21990090>) | [Managing Logon-event Scanner Version 7.0](<http://www.ibm.com/support/docview.wss?uid=swg21990090>) | 2017-04-14 | 14
[1649622](<http://www.ibm.com/support/docview.wss?uid=swg21649622>) | [Inbound connections fail when user authentication does not include a destination object specifying which adapters are external](<http://www.ibm.com/support/docview.wss?uid=swg21649622>) | 2017-04-14 | 15
[1696728](<http://www.ibm.com/support/docview.wss?uid=swg21696728>) | [Logon-event Scanner is unable to process Russian characters](<http://www.ibm.com/support/docview.wss?uid=swg21696728>) | 2017-04-14 | 16
[1973114](<http://www.ibm.com/support/docview.wss?uid=swg21973114>) | [Security Logon-event Scanner does not report active sessions when domain names do not match](<http://www.ibm.com/support/docview.wss?uid=swg21973114>) | 2017-04-23 | 17
[1975846](<http://www.ibm.com/support/docview.wss?uid=swg21975846>) | [Network Protection (XGS) - Passively authenticated users or group-based NAP rules do not match](<http://www.ibm.com/support/docview.wss?uid=swg21975846>) | 2018-05-01 | 18
[1980530](<http://www.ibm.com/support/docview.wss?uid=swg21980530>) | [Security Logon-event Scanner Domain Administrator account is not seen as an active session by the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21980530>) | 2018-05-28 | 19
[1980552](<http://www.ibm.com/support/docview.wss?uid=swg21980552>) | [Logon-event Scanner can no longer communicate with the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21980552>) | 2017-05-28 | 20

\+ Installation

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1964546](<http://www.ibm.com/support/docview.wss?uid=swg21964546>) | [IBM QRadar Network Security IQNS (XGS) and Security Network IPS (GX) cabling guidelines](<http://www.ibm.com/support/docview.wss?uid=swg21964546>) | 2018-05-01 | 1
[1964989](<http://www.ibm.com/support/docview.wss?uid=swg21964989>) | [Error: "Character content other than whitespace" after reimaging or updating an XGS sensor](<http://www.ibm.com/support/docview.wss?uid=swg21964989>) | 2017-09-04 | 2
[1962633](<http://www.ibm.com/support/docview.wss?uid=swg21962633>) | [IBM Security Network Protection (XGS) and Network Intrusion Prevention (IPS) install guidelines after a replacement unit (RMA) was received](<http://www.ibm.com/support/docview.wss?uid=swg21962633>) | 2017-06-19 | 3
[1962593](<http://www.ibm.com/support/docview.wss?uid=swg21962593>) | [Moving Security Network Protection policies to a new SiteProtector system](<http://www.ibm.com/support/docview.wss?uid=swg21962593>) | 2017-04-14 | 4
[1694346](<http://www.ibm.com/support/docview.wss?uid=swg21694346>) | [Security Network Protection (XGS) System error when registing with SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21694346>) | 2018-05-01 | 5

\+ Interim Fixes

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1966077](<http://www.ibm.com/support/docview.wss?uid=swg21966077>) | [Certificate "expired or is near expiration" message after you import a new LMI certificate on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21966077>) | 2017-09-18 | 1
[1677166](<http://www.ibm.com/support/docview.wss?uid=swg21677166>) | [Fixes and patches available for IBM Security products](<http://www.ibm.com/support/docview.wss?uid=swg21677166>) | 2018-05-13 | 2
[1700713](<http://www.ibm.com/support/docview.wss?uid=swg21700713>) | [IBM Security Network Protection (XGS) firmware 5.3.0.5 release notes](<http://www.ibm.com/support/docview.wss?uid=swg21700713>) | 2018-05-01 | 3
[1961507](<http://www.ibm.com/support/docview.wss?uid=swg21961507>) | [Security Network Protection sensor vulnerability to CVE-2014-2532](<http://www.ibm.com/support/docview.wss?uid=swg21961507>) | 2017-10-23 | 4
[1902778](<http://www.ibm.com/support/docview.wss?uid=swg21902778>) | [Security Network Protection firmware 5.3.1 release notes](<http://www.ibm.com/support/docview.wss?uid=swg21902778>) | 2018-05-01 | 5
[1960788](<http://www.ibm.com/support/docview.wss?uid=swg21960788>) | [5.3.1.1-ISS-XGS-All-Models-IF0001](<http://www.ibm.com/support/docview.wss?uid=swg21960788>) | 2018-05-01 | 6
[2000334](<http://www.ibm.com/support/docview.wss?uid=swg22000334>) | [5.3.3.2-ISS-XGS-All-Models-Hotfix-IF0003](<http://www.ibm.com/support/docview.wss?uid=swg22000334>) | 2017-06-30 | 7
[1959193](<http://www.ibm.com/support/docview.wss?uid=swg21959193>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0009](<http://www.ibm.com/support/docview.wss?uid=swg21959193>) | 2018-05-13 | 8
[1959666](<http://www.ibm.com/support/docview.wss?uid=swg21959666>) | [5.3.0.6-ISS-XGS-All-Models-IF0002](<http://www.ibm.com/support/docview.wss?uid=swg21959666>) | 2018-05-21 | 9
[1972784](<http://www.ibm.com/support/docview.wss?uid=swg21972784>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0013](<http://www.ibm.com/support/docview.wss?uid=swg21972784>) | 2017-04-14 | 10
[1690659](<http://www.ibm.com/support/docview.wss?uid=swg21690659>) | [5.3.0.0-ISS-XGS-All-Models-Hotfix-FP0001](<http://www.ibm.com/support/docview.wss?uid=swg21690659>) | 2017-04-14 | 11
[1664576](<http://www.ibm.com/support/docview.wss?uid=swg21664576>) | [5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0002](<http://www.ibm.com/support/docview.wss?uid=swg21664576>) | 2017-04-14 | 12
[1681073](<http://www.ibm.com/support/docview.wss?uid=swg21681073>) | [5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0006](<http://www.ibm.com/support/docview.wss?uid=swg21681073>) | 2017-06-24 | 13
[1685298](<http://www.ibm.com/support/docview.wss?uid=swg21685298>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0004](<http://www.ibm.com/support/docview.wss?uid=swg21685298>) | 2018-05-01 | 14
[1685299](<http://www.ibm.com/support/docview.wss?uid=swg21685299>) | [5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0012](<http://www.ibm.com/support/docview.wss?uid=swg21685299>) | 2018-05-01 | 15
[1685300](<http://www.ibm.com/support/docview.wss?uid=swg21685300>) | [5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0007](<http://www.ibm.com/support/docview.wss?uid=swg21685300>) | 2018-05-01 | 16
[1685301](<http://www.ibm.com/support/docview.wss?uid=swg21685301>) | [5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0008](<http://www.ibm.com/support/docview.wss?uid=swg21685301>) | 2018-05-01 | 17
[1685302](<http://www.ibm.com/support/docview.wss?uid=swg21685302>) | [5.1.2.1-ISS-XGS-All-Models-Hotfix-FP0004](<http://www.ibm.com/support/docview.wss?uid=swg21685302>) | 2018-05-01 | 18
[1690850](<http://www.ibm.com/support/docview.wss?uid=swg21690850>) | [5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0013](<http://www.ibm.com/support/docview.wss?uid=swg21690850>) | 2017-04-14 | 19
[1690851](<http://www.ibm.com/support/docview.wss?uid=swg21690851>) | [5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0008](<http://www.ibm.com/support/docview.wss?uid=swg21690851>) | 2017-04-14 | 20
[1693604](<http://www.ibm.com/support/docview.wss?uid=swg21693604>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0006](<http://www.ibm.com/support/docview.wss?uid=swg21693604>) | 2017-04-14 | 21
[1696054](<http://www.ibm.com/support/docview.wss?uid=swg21696054>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0007](<http://www.ibm.com/support/docview.wss?uid=swg21696054>) | 2018-05-01 | 22
[1700617](<http://www.ibm.com/support/docview.wss?uid=swg21700617>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008](<http://www.ibm.com/support/docview.wss?uid=swg21700617>) | 2017-04-23 | 23
[1903749](<http://www.ibm.com/support/docview.wss?uid=swg21903749>) | [5.3.0.6-ISS-XGS-All-Models-IF0001](<http://www.ibm.com/support/docview.wss?uid=swg21903749>) | 2018-05-01 | 24
[1960784](<http://www.ibm.com/support/docview.wss?uid=swg21960784>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP00010](<http://www.ibm.com/support/docview.wss?uid=swg21960784>) | 2018-05-01 | 25
[1960785](<http://www.ibm.com/support/docview.wss?uid=swg21960785>) | [5.3.0.6-ISS-XGS-All-Models-IF0003](<http://www.ibm.com/support/docview.wss?uid=swg21960785>) | 2018-05-21 | 26
[1968790](<http://www.ibm.com/support/docview.wss?uid=swg21968790>) | [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012](<http://www.ibm.com/support/docview.wss?uid=swg21968790>) | 2017-09-26 | 27
[1975563](<http://www.ibm.com/support/docview.wss?uid=swg21975563>) | [5.3.1.7-ISS-XGS-All-Models-Hotfix-IF0001](<http://www.ibm.com/support/docview.wss?uid=swg21975563>) | 2017-04-14 | 28

\+ Intrusion Prevention Module (IPM)

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1680386](<http://www.ibm.com/support/docview.wss?uid=swg21680386>) | [Migrating existing Security Network IPS policies to the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21680386>) | 2018-05-01 | 1
[1962048](<http://www.ibm.com/support/docview.wss?uid=swg21962048>) | [Difference between Allow and Ignore in the IPS Event Filter Policy on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21962048>) | 2017-09-04 | 2
[1695087](<http://www.ibm.com/support/docview.wss?uid=swg21695087>) | [Warning: RSYSLOG response: LEEF message is truncated, IBM QRadar Network Security IQNS (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21695087>) | 2018-05-01 | 3
[1958077](<http://www.ibm.com/support/docview.wss?uid=swg21958077>) | [XML content of policy export on Network IPS and Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21958077>) | 2017-08-02 | 4
[1660083](<http://www.ibm.com/support/docview.wss?uid=swg21660083>) | [QRadar SIEM only logging Network Access events but not IPS Security Events from Security Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21660083>) | 2017-04-14 | 5
[1687457](<http://www.ibm.com/support/docview.wss?uid=swg21687457>) | [Certain security events can only be used in the Default IPS policy object on the IBM QRadar Network Security IQNS/XGS sensor](<http://www.ibm.com/support/docview.wss?uid=swg21687457>) | 2018-05-01 | 6
[7047767](<http://www.ibm.com/support/docview.wss?uid=swg27047767>) | [XGS Open Mic Webcast: Application Control and IP Reputation Demystified! Thursday, 31 March 2016 [Includes attached presentation and link to replay]](<http://www.ibm.com/support/docview.wss?uid=swg27047767>) | 2017-04-15 | 7
[1682385](<http://www.ibm.com/support/docview.wss?uid=swg21682385>) | [IBM Qradar Network Security -IQNS (XGS) not firing IPS events after being registered in SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21682385>) | 2018-05-01 | 8
[1963728](<http://www.ibm.com/support/docview.wss?uid=swg21963728>) | [IBM Security Network Protection (XGS) security events UNIX timestamp conversion tool](<http://www.ibm.com/support/docview.wss?uid=swg21963728>) | 2017-04-16 | 9
[1696200](<http://www.ibm.com/support/docview.wss?uid=swg21696200>) | [Logging URL data from Network Access events](<http://www.ibm.com/support/docview.wss?uid=swg21696200>) | 2018-05-01 | 10
[1699305](<http://www.ibm.com/support/docview.wss?uid=swg21699305>) | [System error shows "Issue ID: value already exists" when attempting to add/edit IPS Event Filter rules](<http://www.ibm.com/support/docview.wss?uid=swg21699305>) | 2017-04-14 | 11

\+ Licensing and Updates (LUM)

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1679077](<http://www.ibm.com/support/docview.wss?uid=swg21679077>) | [Steps to generate or regenerate license keys from the IBM License Key Center](<http://www.ibm.com/support/docview.wss?uid=swg21679077>) | 2018-05-01 | 1
[1680383](<http://www.ibm.com/support/docview.wss?uid=swg21680383>) | [IBM QRadar Network Security IQNS (XGS) licensing summary](<http://www.ibm.com/support/docview.wss?uid=swg21680383>) | 2018-05-01 | 2
[1437057](<http://www.ibm.com/support/docview.wss?uid=swg21437057>) | [Firewall rules necessary to ensure that IBM Security and Lotus Protector for Mail Security Products can update](<http://www.ibm.com/support/docview.wss?uid=swg21437057>) | 2017-09-10 | 3
[1965396](<http://www.ibm.com/support/docview.wss?uid=swg21965396>) | [Best practices for firmware upgrades on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21965396>) | 2017-06-10 | 4
[1961077](<http://www.ibm.com/support/docview.wss?uid=swg21961077>) | [Manually applying updates on the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21961077>) | 2017-05-13 | 5
[1678995](<http://www.ibm.com/support/docview.wss?uid=swg21678995>) | [IBM QRadar Network Security IQNS (XGS) does not apply all currently entitled licenses after it is registered with SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21678995>) | 2018-05-01 | 6
[1964486](<http://www.ibm.com/support/docview.wss?uid=swg21964486>) | [Internet access configuration for Application Database updates on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21964486>) | 2018-05-01 | 7
[1693920](<http://www.ibm.com/support/docview.wss?uid=swg21693920>) | [Network Protection (XGS) firmware update fails to install](<http://www.ibm.com/support/docview.wss?uid=swg21693920>) | 2018-05-01 | 8
[1610380](<http://www.ibm.com/support/docview.wss?uid=swg21610380>) | [Adding or Changing Registered End Users (REUs) in Flexera Licensing Key Center (LKC)](<http://www.ibm.com/support/docview.wss?uid=swg21610380>) | 2017-09-07 | 9
[1988156](<http://www.ibm.com/support/docview.wss?uid=swg21988156>) | [Security Network Protection license refresh timing in SiteProtector](<http://www.ibm.com/support/docview.wss?uid=swg21988156>) | 2017-04-14 | 10
[1996659](<http://www.ibm.com/support/docview.wss?uid=swg21996659>) | [GLGUP1012E alerts on IBM Security Network Protection (XGS) not configured for internet access](<http://www.ibm.com/support/docview.wss?uid=swg21996659>) | 2018-05-01 | 11
[1970863](<http://www.ibm.com/support/docview.wss?uid=swg21970863>) | [Possible memory leak in 5.3.1.5 firmware release](<http://www.ibm.com/support/docview.wss?uid=swg21970863>) | 2017-04-14 | 12
[1986089](<http://www.ibm.com/support/docview.wss?uid=swg21986089>) | [License expiration date does not change after adding a new license to the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21986089>) | 2017-08-28 | 13
[1975847](<http://www.ibm.com/support/docview.wss?uid=swg21975847>) | [Unable to find recently purchased licenses for IBM Security products](<http://www.ibm.com/support/docview.wss?uid=swg21975847>) | 2018-05-01 | 14

\+ Local Management Interface (LMI)

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[2007513](<http://www.ibm.com/support/docview.wss?uid=swg22007513>) | [Error: "Failed to find an app server" and web interface not accessible on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg22007513>) | 2017-09-08 | 1
[1976862](<http://www.ibm.com/support/docview.wss?uid=swg21976862>) | [LMI certificate management on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21976862>) | 2018-02-26 | 2
[1983851](<http://www.ibm.com/support/docview.wss?uid=swg21983851>) | [Change the Security Network Protection (XGS) default administrator password in the Local Management Interface (LMI)](<http://www.ibm.com/support/docview.wss?uid=swg21983851>) | 2018-05-01 | 3
[1766545](<http://www.ibm.com/support/docview.wss?uid=swg21766545>) | [Configuring multiple accounts for LMI and CLI on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21766545>) | 2018-05-20 | 4
[1983880](<http://www.ibm.com/support/docview.wss?uid=swg21983880>) | [Token-based two-factor authentication on QRadar Network Security and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21983880>) | 2017-05-28 | 5
[1883738](<http://www.ibm.com/support/docview.wss?uid=swg21883738>) | [Disabling weak ciphers for the LMI of the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21883738>) | 2018-02-01 | 6
[1988154](<http://www.ibm.com/support/docview.wss?uid=swg21988154>) | [Internet Explorer Compatibility View mode causes LMI issues on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21988154>) | 2017-08-28 | 7
[1969071](<http://www.ibm.com/support/docview.wss?uid=swg21969071>) | [LMI is inaccessible after replacing the certificate on QRadar Network Protection (XGS) sensors](<http://www.ibm.com/support/docview.wss?uid=swg21969071>) | 2017-10-01 | 8
[1990349](<http://www.ibm.com/support/docview.wss?uid=swg21990349>) | [Error: "The page you were looking for doesn't exist" on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21990349>) | 2017-04-14 | 9
[1595890](<http://www.ibm.com/support/docview.wss?uid=swg21595890>) | [Supported Browsers for the IBM Security Network Protection Appliance](<http://www.ibm.com/support/docview.wss?uid=swg21595890>) | 2017-04-14 | 10
[1682813](<http://www.ibm.com/support/docview.wss?uid=swg21682813>) | [Blank Interface Statistics Graphs in the Local Management Interface (LMI)](<http://www.ibm.com/support/docview.wss?uid=swg21682813>) | 2018-05-01 | 11
[1970018](<http://www.ibm.com/support/docview.wss?uid=swg21970018>) | [Certficate in Awaiting CA Certificate Upload status for the Security Network Protection LMI](<http://www.ibm.com/support/docview.wss?uid=swg21970018>) | 2017-04-14 | 12
[1983898](<http://www.ibm.com/support/docview.wss?uid=swg21983898>) | [Unable to access LMI after applying fix pack 5.3.X-ISS-XGS-Remove-LMI-Certs to a Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21983898>) | 2017-04-14 | 13
[1968985](<http://www.ibm.com/support/docview.wss?uid=swg21968985>) | [Unable to access the LMI in Firefox after configuring FIPS on the Security Network Protection sensor](<http://www.ibm.com/support/docview.wss?uid=swg21968985>) | 2017-04-14 | 14
[2000598](<http://www.ibm.com/support/docview.wss?uid=swg22000598>) | [Unable to add SNMP object to Security Network Protection at firmware 5.3.3.2](<http://www.ibm.com/support/docview.wss?uid=swg22000598>) | 2018-05-01 | 15
[1713633](<http://www.ibm.com/support/docview.wss?uid=swg21713633>) | [Local event data retention settings on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21713633>) | 2018-05-28 | 16
[1963516](<http://www.ibm.com/support/docview.wss?uid=swg21963516>) | [System Error when using a third-party certificate in QRadar Network Security LMI](<http://www.ibm.com/support/docview.wss?uid=swg21963516>) | 2017-09-26 | 17
[1989975](<http://www.ibm.com/support/docview.wss?uid=swg21989975>) | [Hardcoding speed and duplex on M.1 might not work on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21989975>) | 2017-10-02 | 18
[1987436](<http://www.ibm.com/support/docview.wss?uid=swg21987436>) | [Access to captive portal using IPv6 address fails on IBM Security Network Protection appliances (XGS).](<http://www.ibm.com/support/docview.wss?uid=swg21987436>) | 2017-04-14 | 19
[1661873](<http://www.ibm.com/support/docview.wss?uid=swg21661873>) | [Unable to download support files from an QRadar Network Security with IE Enhanced Security Configuration installed](<http://www.ibm.com/support/docview.wss?uid=swg21661873>) | 2018-05-01 | 20
[1983889](<http://www.ibm.com/support/docview.wss?uid=swg21983889>) | [HTTP 500 Internal Server Error when accessing the Security Network Protection (XGS) Local Management Interface (LMI)](<http://www.ibm.com/support/docview.wss?uid=swg21983889>) | 2018-05-01 | 21
[1597885](<http://www.ibm.com/support/docview.wss?uid=swg21597885>) | [Multiselect does not work properly](<http://www.ibm.com/support/docview.wss?uid=swg21597885>) | 2017-04-14 | 22
[1598332](<http://www.ibm.com/support/docview.wss?uid=swg21598332>) | [System Error - Tried to register widget with id==logdb_edit_dialog but that id is already registered](<http://www.ibm.com/support/docview.wss?uid=swg21598332>) | 2017-04-14 | 23
[1686991](<http://www.ibm.com/support/docview.wss?uid=swg21686991>) | [Captive authentication page occasionally fails to redirect the user on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21686991>) | 2018-05-01 | 24
[1986359](<http://www.ibm.com/support/docview.wss?uid=swg21986359>) | [The search bar in the IBM Security Network Protection Local Management Interface (LMI) help is not responding and searches can not be made.](<http://www.ibm.com/support/docview.wss?uid=swg21986359>) | 2017-04-14 | 25
[1999059](<http://www.ibm.com/support/docview.wss?uid=swg21999059>) | [LMI network graphs unreadable when using Chrome 56 on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21999059>) | 2017-06-10 | 26
[1999115](<http://www.ibm.com/support/docview.wss?uid=swg21999115>) | [Unable to access LMI after modifying the management IP address on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21999115>) | 2018-01-01 | 27

\+ Network Access Policy

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1961068](<http://www.ibm.com/support/docview.wss?uid=swg21961068>) | [Blocking IP spoofed traffic with a QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21961068>) | 2017-08-28 | 1
[1983899](<http://www.ibm.com/support/docview.wss?uid=swg21983899>) | [Security Network Protection (XGS) Network Access Policy rules not working](<http://www.ibm.com/support/docview.wss?uid=swg21983899>) | 2017-06-19 | 2
[1961506](<http://www.ibm.com/support/docview.wss?uid=swg21961506>) | [IP reputation and geolocation information in NAP events on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21961506>) | 2017-10-16 | 3
[1990362](<http://www.ibm.com/support/docview.wss?uid=swg21990362>) | [Default IPS policy usage in NAP rules on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21990362>) | 2017-04-14 | 4
[1995199](<http://www.ibm.com/support/docview.wss?uid=swg21995199>) | [Configure Network Access Policies for the IBM Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21995199>) | 2017-04-14 | 5
[1962639](<http://www.ibm.com/support/docview.wss?uid=swg21962639>) | [Security Network Protection and Security Network IPS remote syslog logging facility](<http://www.ibm.com/support/docview.wss?uid=swg21962639>) | 2017-06-19 | 6
[1968101](<http://www.ibm.com/support/docview.wss?uid=swg21968101>) | [Drop or Reject Actions do not appear to apply for some rules on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21968101>) | 2017-10-17 | 7
[1974709](<http://www.ibm.com/support/docview.wss?uid=swg21974709>) | [Remote Syslog over TLS setup](<http://www.ibm.com/support/docview.wss?uid=swg21974709>) | 2017-12-12 | 8
[1990338](<http://www.ibm.com/support/docview.wss?uid=swg21990338>) | [Custom NAP rule naming on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21990338>) | 2018-05-23 | 9
[1698766](<http://www.ibm.com/support/docview.wss?uid=swg21698766>) | [Blocking specific ports by using Network Access policy on the Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21698766>) | 2018-05-01 | 10
[1750419](<http://www.ibm.com/support/docview.wss?uid=swg21750419>) | [Security Network Protection (XGS) is not blocking a URL with "?" parameter value](<http://www.ibm.com/support/docview.wss?uid=swg21750419>) | 2017-04-14 | 11
[1968211](<http://www.ibm.com/support/docview.wss?uid=swg21968211>) | [Default behavior for traffic that does not match any NAP rule on Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21968211>) | 2017-10-23 | 12
[1435089](<http://www.ibm.com/support/docview.wss?uid=swg21435089>) | [Unable to see newly added Network Objects or Response Objects in XGS Response Rules](<http://www.ibm.com/support/docview.wss?uid=swg21435089>) | 2017-04-14 | 13
[1700929](<http://www.ibm.com/support/docview.wss?uid=swg21700929>) | [Security Network Protection (XGS) block page is not found for NAP rules by using domain category and domain list objects](<http://www.ibm.com/support/docview.wss?uid=swg21700929>) | 2018-05-01 | 14
[1986086](<http://www.ibm.com/support/docview.wss?uid=swg21986086>) | [Error: "Field must be between 0 and 255 in length" when adding a rule to a QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21986086>) | 2017-08-28 | 15
[1644712](<http://www.ibm.com/support/docview.wss?uid=swg21644712>) | [LMI allows deletion of remote directory server that is referenced in an identity object](<http://www.ibm.com/support/docview.wss?uid=swg21644712>) | 2017-04-14 | 16
[1698149](<http://www.ibm.com/support/docview.wss?uid=swg21698149>) | [Error: "Invalid scope" on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21698149>) | 2017-04-14 | 17
[1644593](<http://www.ibm.com/support/docview.wss?uid=swg21644593>) | [IBM Security Network Protection does not detect ping echo replies](<http://www.ibm.com/support/docview.wss?uid=swg21644593>) | 2017-09-06 | 18
[1683989](<http://www.ibm.com/support/docview.wss?uid=swg21683989>) | [Some Network Access policy events don't contain URL Categories or Web Application information](<http://www.ibm.com/support/docview.wss?uid=swg21683989>) | 2018-05-01 | 19
[1975227](<http://www.ibm.com/support/docview.wss?uid=swg21975227>) | [Multiple changes to the Network Access Policy may cause a network interruption on the Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21975227>) | 2018-05-01 | 20
[1976509](<http://www.ibm.com/support/docview.wss?uid=swg21976509>) | [Using geolocation objects on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21976509>) | 2017-08-24 | 21
[1983886](<http://www.ibm.com/support/docview.wss?uid=swg21983886>) | [Creating Geolocation objects in the Event Filter policy](<http://www.ibm.com/support/docview.wss?uid=swg21983886>) | 2018-05-01 | 22
[2013039](<http://www.ibm.com/support/docview.wss?uid=swg22013039>) | [Stateful inspection on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22013039>) | 2018-02-19 | 23

\+ Network Interface Module (NIM)

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1698147](<http://www.ibm.com/support/docview.wss?uid=swg21698147>) | [Replacing network interface modules (NIMs) in the XGS appliance](<http://www.ibm.com/support/docview.wss?uid=swg21698147>) | 2018-01-29 | 1
[1666254](<http://www.ibm.com/support/docview.wss?uid=swg21666254>) | [Network Protection (XGS) policy changes that cause a link state change](<http://www.ibm.com/support/docview.wss?uid=swg21666254>) | 2018-05-01 | 2
[1987202](<http://www.ibm.com/support/docview.wss?uid=swg21987202>) | [40Gb Network Interface Module (NIM) update IBM QRadar Network Security (IQNS) 7100](<http://www.ibm.com/support/docview.wss?uid=swg21987202>) | 2018-05-01 | 3

\+ Not Applicable

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1662387](<http://www.ibm.com/support/docview.wss?uid=swg21662387>) | [Agent Alert POST](<http://www.ibm.com/support/docview.wss?uid=swg21662387>) | 2017-08-24 | 1
[7045692](<http://www.ibm.com/support/docview.wss?uid=swg27045692>) | [Open Mic Webcast: How to Deploy and Configure the XGS - Wednesday, 20 May 2015 [includes link to recorded session; presentation slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27045692>) | 2018-05-23 | 2
[1689158](<http://www.ibm.com/support/docview.wss?uid=swg21689158>) | [Security Bulletin: Vulnerability in SSLv3 affects multiple IBM Security Infrastructure appliances (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21689158>) | 2018-02-15 | 3
[2001436](<http://www.ibm.com/support/docview.wss?uid=swg22001436>) | [PAM Statistics info and OID listing for QRadar Network Security (XGS) at XPU 37.030](<http://www.ibm.com/support/docview.wss?uid=swg22001436>) | 2018-05-01 | 4
[1987437](<http://www.ibm.com/support/docview.wss?uid=swg21987437>) | [Receiving warning messages when deploying policies that require restarting Analysis Daemon](<http://www.ibm.com/support/docview.wss?uid=swg21987437>) | 2017-04-14 | 5
[7047367](<http://www.ibm.com/support/docview.wss?uid=swg27047367>) | [Open Mic Webcast: XGS: Advanced Threat Protection Integration Options (QRadar export) - 28 January 2016 [Includes link to replay. Presentation is attached.]](<http://www.ibm.com/support/docview.wss?uid=swg27047367>) | 2017-04-15 | 6
[7045508](<http://www.ibm.com/support/docview.wss?uid=swg27045508>) | [Open Mic Webcast: Policy Migration from GX to XGS - Tuesday, 28 April 2015 [includes link to recorded event; presentation slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27045508>) | 2018-05-23 | 7
[7049643](<http://www.ibm.com/support/docview.wss?uid=swg27049643>) | [Open Mic: IQNS (XGS) X-Force Malware Analysis on the Cloud - 24 May 2017 (Includes link to replay. Slides are attached.)](<http://www.ibm.com/support/docview.wss?uid=swg27049643>) | 2017-06-05 | 8
[1690823](<http://www.ibm.com/support/docview.wss?uid=swg21690823>) | [Security Bulletin: IBM Security Network Protection is affected by Shell Command Injection vulnerability (CVE-2014-6183)](<http://www.ibm.com/support/docview.wss?uid=swg21690823>) | 2018-02-15 | 9
[7047876](<http://www.ibm.com/support/docview.wss?uid=swg27047876>) | [Infrastructure Support Open Mic Webcast: IBM Threat Protection System with XGS-QRadar Integration - 25 May 2016 [includes link to replay; presentation is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27047876>) | 2018-02-15 | 10
[1974288](<http://www.ibm.com/support/docview.wss?uid=swg21974288>) | [IBM Security Network Protection 5.3.2 Web Services API](<http://www.ibm.com/support/docview.wss?uid=swg21974288>) | 2017-04-14 | 11
[7044438](<http://www.ibm.com/support/docview.wss?uid=swg27044438>) | [Open Mic Webcast for IBM Security Network Protection: Troubleshooting the XGS appliance - 20 January 2015 [includes link to replay; presentation slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27044438>) | 2018-05-23 | 12
[1690822](<http://www.ibm.com/support/docview.wss?uid=swg21690822>) | [Security Bulletin: Vulnerability in SSLv3 affects Network Protection (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21690822>) | 2018-02-15 | 13
[1696131](<http://www.ibm.com/support/docview.wss?uid=swg21696131>) | [Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-0235)](<http://www.ibm.com/support/docview.wss?uid=swg21696131>) | 2018-02-15 | 14
[7045078](<http://www.ibm.com/support/docview.wss?uid=swg27045078>) | [Open Mic Webcast for controlling internet access with XGS: a configuration walkthrough of user authentication - Wednesday, 4 March 2015 [inclues link to recording; slide deck is attached]](<http://www.ibm.com/support/docview.wss?uid=swg27045078>) | 2018-05-23 | 15
[7046280](<http://www.ibm.com/support/docview.wss?uid=swg27046280>) | [Open Mic Webcast: XGS - Keeping up with threat infrastructure by using alerts and audits - 26 August 2015 [presentation slides are attached; includes link to replay]](<http://www.ibm.com/support/docview.wss?uid=swg27046280>) | 2017-04-15 | 16
[1676529](<http://www.ibm.com/support/docview.wss?uid=swg21676529>) | [Security Bulletin: IBM Security Network Protection is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470](<http://www.ibm.com/support/docview.wss?uid=swg21676529>) | 2018-02-15 | 17
[1680803](<http://www.ibm.com/support/docview.wss?uid=swg21680803>) | [Security Bulletin: IBM Security Network Protection System CPU Utilization (CVE-2014-0963)](<http://www.ibm.com/support/docview.wss?uid=swg21680803>) | 2018-02-15 | 18
[1693542](<http://www.ibm.com/support/docview.wss?uid=swg21693542>) | [Security Bulletin: IBM Security Network Protection is affected by ClickJacking vulnerability CVE-2014-6197](<http://www.ibm.com/support/docview.wss?uid=swg21693542>) | 2018-02-15 | 19
[1958090](<http://www.ibm.com/support/docview.wss?uid=swg21958090>) | [Security Bulletin: IBM Security Network Protection contains a Cross-Site Request Forgery vulnerability.](<http://www.ibm.com/support/docview.wss?uid=swg21958090>) | 2018-02-15 | 20
[2002436](<http://www.ibm.com/support/docview.wss?uid=swg22002436>) | [Increased memory utilization in QRadar Network Security firmware 5.4](<http://www.ibm.com/support/docview.wss?uid=swg22002436>) | 2018-05-01 | 21
[1684903](<http://www.ibm.com/support/docview.wss?uid=swg21684903>) | [Security Bulletin: Network Protection is affected by multiple OpenSSL vulnerabilities (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511)](<http://www.ibm.com/support/docview.wss?uid=swg21684903>) | 2018-02-15 | 22
[1696906](<http://www.ibm.com/support/docview.wss?uid=swg21696906>) | [Security Bulletin: IBM Security Network Protection is affected by OpenSSL vulnerabilities (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, and CVE-2015-0206)](<http://www.ibm.com/support/docview.wss?uid=swg21696906>) | 2018-02-15 | 23
[1697248](<http://www.ibm.com/support/docview.wss?uid=swg21697248>) | [Security Bulletin: IBM Security Network Protection is vulnerable to Cross-Site Scripting. (CVE-2014-6189)](<http://www.ibm.com/support/docview.wss?uid=swg21697248>) | 2018-02-15 | 24
[7047473](<http://www.ibm.com/support/docview.wss?uid=swg27047473>) | [Open Mic Webcast: Why you need to use Automated Service and Support on the XGS - 25 February 2016 [Includes link to replay] [Presentation slides are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27047473>) | 2018-02-15 | 25
[7050149](<http://www.ibm.com/support/docview.wss?uid=swg27050149>) | [IBM Infrastructure Security Support July 2017 Newsletter](<http://www.ibm.com/support/docview.wss?uid=swg27050149>) | 2017-08-24 | 26
[1675355](<http://www.ibm.com/support/docview.wss?uid=swg21675355>) | [Security Bulletin: IBM Security Network Protection System CPU utilization (CVE-2014-0963)](<http://www.ibm.com/support/docview.wss?uid=swg21675355>) | 2018-02-15 | 27
[1676875](<http://www.ibm.com/support/docview.wss?uid=swg21676875>) | [Security Bulletin: IBM Security Network Protection is affected by the following IBM® SDK, Java™ Technology Edition vulnerability (CVE-2014-2414)](<http://www.ibm.com/support/docview.wss?uid=swg21676875>) | 2018-02-15 | 28
[1693657](<http://www.ibm.com/support/docview.wss?uid=swg21693657>) | [Security Bulletin: TLS padding vulnerability affects IBM Security Network Protection (CVE-2014-8730)](<http://www.ibm.com/support/docview.wss?uid=swg21693657>) | 2018-02-15 | 29
[1696265](<http://www.ibm.com/support/docview.wss?uid=swg21696265>) | [Security Bulletin: Multiple vulnerabilities in IBM Security Network Protection (CVE-2014-3567, CVE-2014-4877, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568)](<http://www.ibm.com/support/docview.wss?uid=swg21696265>) | 2018-02-15 | 30
[1696521](<http://www.ibm.com/support/docview.wss?uid=swg21696521>) | [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3065)](<http://www.ibm.com/support/docview.wss?uid=swg21696521>) | 2018-02-15 | 31
[1696811](<http://www.ibm.com/support/docview.wss?uid=swg21696811>) | [Security Bulletin: IBM Security Network Protection is affected by a NSS vulnerability (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21696811>) | 2018-02-15 | 32
[1701264](<http://www.ibm.com/support/docview.wss?uid=swg21701264>) | [Security Bulletin: Vulnerability in GSKit affects IBM Security Network Protection (CVE-2015-0138)](<http://www.ibm.com/support/docview.wss?uid=swg21701264>) | 2018-02-15 | 33
[1962064](<http://www.ibm.com/support/docview.wss?uid=swg21962064>) | [Security Bulletin: A vulnerability in GSKit affects IBM Security Network Protection (CVE-2015-1788)](<http://www.ibm.com/support/docview.wss?uid=swg21962064>) | 2018-02-15 | 34
[1963297](<http://www.ibm.com/support/docview.wss?uid=swg21963297>) | [Security Bulletin: A vulnerability in GNU glibc affects IBM Security Network Protection (CVE-2013-7424)](<http://www.ibm.com/support/docview.wss?uid=swg21963297>) | 2017-04-14 | 35
[2011740](<http://www.ibm.com/support/docview.wss?uid=swg22011740>) | [Security Bulletin: IBM QRadar Network Security is affected by a denial of service vulnerability in cURL (CVE-2017-1000257)](<http://www.ibm.com/support/docview.wss?uid=swg22011740>) | 2018-05-01 | 36
[2016575](<http://www.ibm.com/support/docview.wss?uid=swg22016575>) | [Impact of the Japanese era calendar change on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22016575>) | 2018-05-26 | 37

\+ Operating system (OS)

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1980551](<http://www.ibm.com/support/docview.wss?uid=swg21980551>) | [Interpreting LEEF formatting in syslog events on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21980551>) | 2018-05-01 | 1
[1986090](<http://www.ibm.com/support/docview.wss?uid=swg21986090>) | [Warning: "User allocated memory" on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21986090>) | 2017-08-24 | 2
[1972161](<http://www.ibm.com/support/docview.wss?uid=swg21972161>) | [Allowed Characters for the Security Network Protection admin password](<http://www.ibm.com/support/docview.wss?uid=swg21972161>) | 2017-04-16 | 3
[1966576](<http://www.ibm.com/support/docview.wss?uid=swg21966576>) | [High disk usage on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21966576>) | 2018-05-06 | 4
[1983875](<http://www.ibm.com/support/docview.wss?uid=swg21983875>) | [MTU as defined on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21983875>) | 2017-08-02 | 5
[1698146](<http://www.ibm.com/support/docview.wss?uid=swg21698146>) | [Kernel debug procedures for the XGS appliance](<http://www.ibm.com/support/docview.wss?uid=swg21698146>) | 2017-10-30 | 6
[1978425](<http://www.ibm.com/support/docview.wss?uid=swg21978425>) | [Unable to SSH in to the Securty Network Protection (XGS) with error: failed to start sshd](<http://www.ibm.com/support/docview.wss?uid=swg21978425>) | 2018-05-01 | 7
[1705154](<http://www.ibm.com/support/docview.wss?uid=swg21705154>) | [IBM Security Network Protection (XGS) firmware 5.3 "Kernel Soft Lockup"](<http://www.ibm.com/support/docview.wss?uid=swg21705154>) | 2018-05-06 | 8
[1996695](<http://www.ibm.com/support/docview.wss?uid=swg21996695>) | [Error: "Allocated user memory" in SiteProtector for Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21996695>) | 2018-05-23 | 9
[1959380](<http://www.ibm.com/support/docview.wss?uid=swg21959380>) | [CVE-2002-0510 vulnerability on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21959380>) | 2017-09-04 | 10
[1599917](<http://www.ibm.com/support/docview.wss?uid=swg21599917>) | [Changing Time Settings Causes Gaps or Missing Data in Statistics Display](<http://www.ibm.com/support/docview.wss?uid=swg21599917>) | 2017-04-14 | 11

\+ Performance

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1968189](<http://www.ibm.com/support/docview.wss?uid=swg21968189>) | [Security Network Protection (XGS) SensorStatistics](<http://www.ibm.com/support/docview.wss?uid=swg21968189>) | 2018-05-01 | 1
[1701480](<http://www.ibm.com/support/docview.wss?uid=swg21701480>) | [Network Interface Module (NIM) ports perform better than built-in gigabit ports on XGS 5100 sensors](<http://www.ibm.com/support/docview.wss?uid=swg21701480>) | 2018-05-01 | 2
[1959239](<http://www.ibm.com/support/docview.wss?uid=swg21959239>) | [Packet delay or loss while making changes to XGS policies](<http://www.ibm.com/support/docview.wss?uid=swg21959239>) | 2017-04-14 | 3
[1902773](<http://www.ibm.com/support/docview.wss?uid=swg21902773>) | [Policy migration limitations and facts to consider](<http://www.ibm.com/support/docview.wss?uid=swg21902773>) | 2018-05-01 | 4
[1667527](<http://www.ibm.com/support/docview.wss?uid=swg21667527>) | [Session ID Resumption and SSL decryption](<http://www.ibm.com/support/docview.wss?uid=swg21667527>) | 2018-05-01 | 5
[1683772](<http://www.ibm.com/support/docview.wss?uid=swg21683772>) | [Experiencing latency while using the Security Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21683772>) | 2018-05-01 | 6
[1903622](<http://www.ibm.com/support/docview.wss?uid=swg21903622>) | [Security Network Protection (XGS) email alerts do not include hostname or IP address of the reporting appliance](<http://www.ibm.com/support/docview.wss?uid=swg21903622>) | 2018-05-01 | 7
[1698814](<http://www.ibm.com/support/docview.wss?uid=swg21698814>) | [Forced speed/duplex interface settings not working with XGS Firmware 5.3](<http://www.ibm.com/support/docview.wss?uid=swg21698814>) | 2017-04-14 | 8
[1987354](<http://www.ibm.com/support/docview.wss?uid=swg21987354>) | [IBM QRadar Network Security (IQNS) no System Alerts seen in System Events](<http://www.ibm.com/support/docview.wss?uid=swg21987354>) | 2018-05-01 | 9
[1962510](<http://www.ibm.com/support/docview.wss?uid=swg21962510>) | ["Timer expiration" error when deploying a policy change on Security Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21962510>) | 2017-08-24 | 10
[1977325](<http://www.ibm.com/support/docview.wss?uid=swg21977325>) | [Storage Limits and Allocation on the IBM Security Network Protection Appliance](<http://www.ibm.com/support/docview.wss?uid=swg21977325>) | 2017-04-14 | 11
[1999124](<http://www.ibm.com/support/docview.wss?uid=swg21999124>) | [Asymmetric traffic across NIMs for XGS7100 appliances](<http://www.ibm.com/support/docview.wss?uid=swg21999124>) | 2018-01-01 | 12
[1682809](<http://www.ibm.com/support/docview.wss?uid=swg21682809>) | [Unable to deploy policy to IBM QRadar Network Security IQNS (XGS) in SiteProtector.](<http://www.ibm.com/support/docview.wss?uid=swg21682809>) | 2018-05-01 | 13
[1667817](<http://www.ibm.com/support/docview.wss?uid=swg21667817>) | [Network Protection (XGS) unable to read or parse EEPROM data from selected slot](<http://www.ibm.com/support/docview.wss?uid=swg21667817>) | 2018-05-01 | 14

\+ Protocol Analysis Module (PAM)

Doc Number | Title | Last Updated | Popularity
---|---|---|---
[1498057](<http://www.ibm.com/support/docview.wss?uid=swg21498057>) | [X-Force Protocol Analysis Module (PAM) signature information](<http://www.ibm.com/support/docview.wss?uid=swg21498057>) | 2018-01-01 | 1
[1436125](<http://www.ibm.com/support/docview.wss?uid=swg21436125>) | [Configuring a sensor to ignore or allowlist traffic from certain IP addresses](<http://www.ibm.com/support/docview.wss?uid=swg21436125>) | 2018-05-01 | 2
[1973599](<http://www.ibm.com/support/docview.wss?uid=swg21973599>) | [Protection against DoS and DDoS with IBM QRadar Network Security IQNS (XGS) and Network IPS (GX) appliances](<http://www.ibm.com/support/docview.wss?uid=swg21973599>) | 2018-05-01 | 3
[1962049](<http://www.ibm.com/support/docview.wss?uid=swg21962049>) | [Information about the coalescer on QRadar Network Security and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21962049>) | 2017-09-26 | 4
[1435809](<http://www.ibm.com/support/docview.wss?uid=swg21435809>) | [Some traffic allowed despite a configured Block response on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21435809>) | 2018-05-28 | 5
[1987735](<http://www.ibm.com/support/docview.wss?uid=swg21987735>) | [IBM X-Force introduces version scheme change for X-Press Updates (XPU) - June 2017](<http://www.ibm.com/support/docview.wss?uid=swg21987735>) | 2017-08-24 | 6
[1965579](<http://www.ibm.com/support/docview.wss?uid=swg21965579>) | [Bypassing inspection on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21965579>) | 2017-10-09 | 7
[1986647](<http://www.ibm.com/support/docview.wss?uid=swg21986647>) | [Severity levels for IBM X-Force security signatures](<http://www.ibm.com/support/docview.wss?uid=swg21986647>) | 2018-05-28 | 8
[1988495](<http://www.ibm.com/support/docview.wss?uid=swg21988495>) | [Flood protection behavior on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21988495>) | 2017-09-04 | 9
[1437359](<http://www.ibm.com/support/docview.wss?uid=swg21437359>) | [IEEE 802.3ad (EtherChannel) support on XGS and GX sensors](<http://www.ibm.com/support/docview.wss?uid=swg21437359>) | 2017-09-11 | 10
[1515937](<http://www.ibm.com/support/docview.wss?uid=swg21515937>) | [Two events generated for the same signature (one as Detected and other as Blocked) on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21515937>) | 2017-09-04 | 11
[1643272](<http://www.ibm.com/support/docview.wss?uid=swg21643272>) | [How to determine whether there is coverage for a particular CVE](<http://www.ibm.com/support/docview.wss?uid=swg21643272>) | 2017-08-24 | 12
[1701441](<http://www.ibm.com/support/docview.wss?uid=swg21701441>) | [X-Force Virtual Patch Protection Levels for QRadar Network Security and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21701441>) | 2018-05-07 | 13
[1975854](<http://www.ibm.com/support/docview.wss?uid=swg21975854>) | [PAM reports Akamai's IP instead of the 'True-Client-IP' HTTP header](<http://www.ibm.com/support/docview.wss?uid=swg21975854>) | 2017-08-09 | 14
[1962594](<http://www.ibm.com/support/docview.wss?uid=swg21962594>) | [Enabling or disabling inspection of X-Forward headers on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21962594>) | 2017-10-16 | 15
[1976382](<http://www.ibm.com/support/docview.wss?uid=swg21976382>) | [Unable to access live.com (Hotmail/Outlook) when Outbound SSL is enabled on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21976382>) | 2018-05-01 | 16
[1434828](<http://www.ibm.com/support/docview.wss?uid=swg21434828>) | [False positive on IBM host or network based IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21434828>) | 2017-06-26 | 17
[1999450](<http://www.ibm.com/support/docview.wss?uid=swg21999450>) | [Find PAM signature by issue ID on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21999450>) | 2018-05-01 | 18
[1683773](<http://www.ibm.com/support/docview.wss?uid=swg21683773>) | [Multiple false positives on Java-based security events on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21683773>) | 2017-09-26 | 19
[1624060](<http://www.ibm.com/support/docview.wss?uid=swg21624060>) | [Ignoring vulnerability scanner traffic on the Security Network IPS and Network Protection](<http://www.ibm.com/support/docview.wss?uid=swg21624060>) | 2018-05-01 | 20
[1468847](<http://www.ibm.com/support/docview.wss?uid=swg21468847>) | [Event and Response Filters with port ranges do not work with TCP_Port_Scan and UDP_Port_Scan](<http://www.ibm.com/support/docview.wss?uid=swg21468847>) | 2018-05-01 | 21
[1436031](<http://www.ibm.com/support/docview.wss?uid=swg21436031>) | [Determing the release date and coverage information for an XPU](<http://www.ibm.com/support/docview.wss?uid=swg21436031>) | 2017-04-14 | 22
[1643931](<http://www.ibm.com/support/docview.wss?uid=swg21643931>) | [HTTP HEAD and PUT methods not detected (blocked)](<http://www.ibm.com/support/docview.wss?uid=swg21643931>) | 2017-04-14 | 23
[1692287](<http://www.ibm.com/support/docview.wss?uid=swg21692287>) | [Signature coverage for SSLv3 (Poodle) on Security Network Protection and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21692287>) | 2017-09-04 | 24
[1697527](<http://www.ibm.com/support/docview.wss?uid=swg21697527>) | [Error: "FNXPM1003E..." trons interface errors on Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21697527>) | 2017-05-13 | 25
[1967067](<http://www.ibm.com/support/docview.wss?uid=swg21967067>) | [Compressed file traffic inspection by QRadar Network Security and Security Network IPS sensors](<http://www.ibm.com/support/docview.wss?uid=swg21967067>) | 2017-10-04 | 26
[1968099](<http://www.ibm.com/support/docview.wss?uid=swg21968099>) | [SMTP_Command_Binary_Overflow signature can cause a large number of events on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21968099>) | 2017-10-17 | 27
[1976381](<http://www.ibm.com/support/docview.wss?uid=swg21976381>) | [Skype traffic not being blocked by Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21976381>) | 2018-05-01 | 28
\n[1996694](<http://www.ibm.com/support/docview.wss?uid=swg21996694>) | [Security Network Protection treatment for \"iv-remote-address\" header information](<http://www.ibm.com/support/docview.wss?uid=swg21996694>) | 2018-05-23 | 29 \n[1435997](<http://www.ibm.com/support/docview.wss?uid=swg21435997>) | [User Defined Event compiler limitations for the Protocol Analysis Module](<http://www.ibm.com/support/docview.wss?uid=swg21435997>) | 2017-04-23 | 30 \n[1626557](<http://www.ibm.com/support/docview.wss?uid=swg21626557>) | [Tuning the DNS_Bind_OPT_DOS signature on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21626557>) | 2017-04-14 | 31 \n[1883737](<http://www.ibm.com/support/docview.wss?uid=swg21883737>) | [Skype UDP traffic is not recognized by the Protocol Analysis Module on IBM Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21883737>) | 2017-05-13 | 32 \n[1966581](<http://www.ibm.com/support/docview.wss?uid=swg21966581>) | [Analysis of DECNET traffic on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21966581>) | 2017-10-23 | 33 \n[1968561](<http://www.ibm.com/support/docview.wss?uid=swg21968561>) | [Inspection of duplicate packets by QRadar Network Security sensors with different interface modes](<http://www.ibm.com/support/docview.wss?uid=swg21968561>) | 2017-10-23 | 34 \n[1983891](<http://www.ibm.com/support/docview.wss?uid=swg21983891>) | [TCP_Probe_XXXX events do not fire when TCP_Port_Scan triggers on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21983891>) | 2018-05-28 | 35 \n[1983900](<http://www.ibm.com/support/docview.wss?uid=swg21983900>) | [SNMP_Activity version detection](<http://www.ibm.com/support/docview.wss?uid=swg21983900>) | 2018-05-01 | 36 \n \n\\+ SSL Inspection\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1960119](<http://www.ibm.com/support/docview.wss?uid=swg21960119>) | [Inspecting inbound SSL traffic 
on an internal server](<http://www.ibm.com/support/docview.wss?uid=swg21960119>) | 2017-05-12 | 1 \n[1666241](<http://www.ibm.com/support/docview.wss?uid=swg21666241>) | [SSL traffic protection on the Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21666241>) | 2018-05-01 | 2 \n[1964212](<http://www.ibm.com/support/docview.wss?uid=swg21964212>) | [Diffie-Hellman and inbound SSL inspection on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21964212>) | 2017-04-14 | 3 \n[1666913](<http://www.ibm.com/support/docview.wss?uid=swg21666913>) | [Inbound SSL inspection on the XGS appliance when operating in HA mode](<http://www.ibm.com/support/docview.wss?uid=swg21666913>) | 2018-05-01 | 4 \n[1986092](<http://www.ibm.com/support/docview.wss?uid=swg21986092>) | [Support for TLS Extended Master Secret on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21986092>) | 2018-05-13 | 5 \n[7046102](<http://www.ibm.com/support/docview.wss?uid=swg27046102>) | [Open Mic replay: Overview of how SSL Inspection works on the XGS - 29 July 2015 [includes link to recording; presentation and speaker notes are attached]](<http://www.ibm.com/support/docview.wss?uid=swg27046102>) | 2018-05-23 | 6 \n[1967118](<http://www.ibm.com/support/docview.wss?uid=swg21967118>) | [Security Network Protection (XGS) inbound and outbound SSL inspection session resumption](<http://www.ibm.com/support/docview.wss?uid=swg21967118>) | 2017-06-19 | 7 \n[1986091](<http://www.ibm.com/support/docview.wss?uid=swg21986091>) | [GLG license messages on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21986091>) | 2017-08-24 | 8 \n[2004900](<http://www.ibm.com/support/docview.wss?uid=swg22004900>) | [Inbound SSL analysis of SSLv2 traffic might cause inspection engine crashes on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22004900>) | 2017-12-08 | 9 
\n[1650197](<http://www.ibm.com/support/docview.wss?uid=swg21650197>) | [SSL Inspection - Frequently Asked Questions](<http://www.ibm.com/support/docview.wss?uid=swg21650197>) | 2017-04-14 | 10 \n[1958051](<http://www.ibm.com/support/docview.wss?uid=swg21958051>) | [Outbound SSL use of certificates on the XGS](<http://www.ibm.com/support/docview.wss?uid=swg21958051>) | 2018-05-01 | 11 \n[1666891](<http://www.ibm.com/support/docview.wss?uid=swg21666891>) | [Network Protection (XGS) use of multiple SSL certificates](<http://www.ibm.com/support/docview.wss?uid=swg21666891>) | 2018-05-01 | 12 \n[1666909](<http://www.ibm.com/support/docview.wss?uid=swg21666909>) | [Network Protection (XGS) SSL decryption and passive monitoring mode](<http://www.ibm.com/support/docview.wss?uid=swg21666909>) | 2018-05-01 | 13 \n[1666889](<http://www.ibm.com/support/docview.wss?uid=swg21666889>) | [Network Protection (XGS): Impact of adding, deleting, and renewing SSL inspection certificates](<http://www.ibm.com/support/docview.wss?uid=swg21666889>) | 2018-05-01 | 14 \n[2008309](<http://www.ibm.com/support/docview.wss?uid=swg22008309>) | [Error: \"packet rewriting error\" on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22008309>) | 2017-12-13 | 15 \n[1903062](<http://www.ibm.com/support/docview.wss?uid=swg21903062>) | [Windows Updates fail with Outbound SSL inspection enabled on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg21903062>) | 2018-05-01 | 16 \n[1700438](<http://www.ibm.com/support/docview.wss?uid=swg21700438>) | [IBM Security Network Protection Response to “The Risks of SSL Inspection” CERT/CC Blog Post](<http://www.ibm.com/support/docview.wss?uid=swg21700438>) | 2018-05-21 | 17 \n[1972184](<http://www.ibm.com/support/docview.wss?uid=swg21972184>) | [Using domain certificate objects for Outbound SSL Inspection Policy on IBM Qradar Network 
Security](<http://www.ibm.com/support/docview.wss?uid=swg21972184>) | 2018-05-01 | 18 \n[1987355](<http://www.ibm.com/support/docview.wss?uid=swg21987355>) | [IBM QRadar Network Security (IQNS) 4096 bit encryption for inbound SSL inspection](<http://www.ibm.com/support/docview.wss?uid=swg21987355>) | 2018-05-01 | 19 \n[1667164](<http://www.ibm.com/support/docview.wss?uid=swg21667164>) | [Network Protection (XGS) - Creating a private key with a passphrase when generating a certificate for SSL decryption](<http://www.ibm.com/support/docview.wss?uid=swg21667164>) | 2018-05-01 | 20 \n[1903522](<http://www.ibm.com/support/docview.wss?uid=swg21903522>) | [Traffic using SPDY protocol is not analyzed by Outbound SSL inspection](<http://www.ibm.com/support/docview.wss?uid=swg21903522>) | 2017-05-08 | 21 \n[1977446](<http://www.ibm.com/support/docview.wss?uid=swg21977446>) | [Analysis daemon crash due to Outbound SSL rules on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21977446>) | 2017-04-23 | 22 \n[1666906](<http://www.ibm.com/support/docview.wss?uid=swg21666906>) | [Non-RFC compliant traffic and SSL inspection on the Network Protection (XGS) appliance](<http://www.ibm.com/support/docview.wss?uid=swg21666906>) | 2018-05-01 | 23 \n[1975332](<http://www.ibm.com/support/docview.wss?uid=swg21975332>) | [File upload or download is slow with Outbound SSL Inspection enabled on Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21975332>) | 2017-04-14 | 24 \n[1992908](<http://www.ibm.com/support/docview.wss?uid=swg21992908>) | [Configuring Remote Syslog over TLS on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21992908>) | 2017-04-14 | 25 \n[2005572](<http://www.ibm.com/support/docview.wss?uid=swg22005572>) | [Unable to access certain websites after updating the XGS appliance.](<http://www.ibm.com/support/docview.wss?uid=swg22005572>) | 2017-09-02 | 26 
\n[1640383](<http://www.ibm.com/support/docview.wss?uid=swg21640383>) | [Determining which SSL connections the Network Protection appliance inspects for sites that use self-signed certificates ](<http://www.ibm.com/support/docview.wss?uid=swg21640383>) | 2017-08-04 | 27 \n[1643924](<http://www.ibm.com/support/docview.wss?uid=swg21643924>) | [SSL client error: Can't establish a secure connection](<http://www.ibm.com/support/docview.wss?uid=swg21643924>) | 2017-04-14 | 28 \n[1645833](<http://www.ibm.com/support/docview.wss?uid=swg21645833>) | [Outbound SSL inspection: Determining if a client connection is being inspected through the Network Protection appliance](<http://www.ibm.com/support/docview.wss?uid=swg21645833>) | 2017-08-03 | 29 \n[1646158](<http://www.ibm.com/support/docview.wss?uid=swg21646158>) | [Outbound SSL inspection: Client connections are partially blocked or cannot access HTTPS sites](<http://www.ibm.com/support/docview.wss?uid=swg21646158>) | 2017-08-02 | 30 \n[1669034](<http://www.ibm.com/support/docview.wss?uid=swg21669034>) | [Order of precedence with matching inbound and outbound SSL inspection rules](<http://www.ibm.com/support/docview.wss?uid=swg21669034>) | 2018-05-01 | 31 \n[1682810](<http://www.ibm.com/support/docview.wss?uid=swg21682810>) | [Error: \"NULL Cipher Pointer\" on the Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21682810>) | 2017-09-11 | 32 \n[1974966](<http://www.ibm.com/support/docview.wss?uid=swg21974966>) | [Outbound SSL Inspection triggers SSL_Malformed_Certificate events on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21974966>) | 2017-04-24 | 33 \n[1993272](<http://www.ibm.com/support/docview.wss?uid=swg21993272>) | [Performance issues due to Outbound SSL policy on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21993272>) | 2017-04-14 | 34 \n[2003465](<http://www.ibm.com/support/docview.wss?uid=swg22003465>) 
| [Inbound SSL rules using the \"any\" destination might cause crashes on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg22003465>) | 2017-06-19 | 35 \n[1883845](<http://www.ibm.com/support/docview.wss?uid=swg21883845>) | [Security Network Protection failing to decrypt SSL incoming traffic in firmware version 5.2](<http://www.ibm.com/support/docview.wss?uid=swg21883845>) | 2017-04-14 | 36 \n[1967594](<http://www.ibm.com/support/docview.wss?uid=swg21967594>) | [Updating VMware products when Outbound SSL Inspection is enabled on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21967594>) | 2017-10-17 | 37 \n[1967595](<http://www.ibm.com/support/docview.wss?uid=swg21967595>) | [IBM SR file upload issues when Outbound SSL Inspection is enabled on Security Network Protection sensors ](<http://www.ibm.com/support/docview.wss?uid=swg21967595>) | 2017-04-14 | 38 \n[1992466](<http://www.ibm.com/support/docview.wss?uid=swg21992466>) | [Yahoo! 
Messenger changes cause outbound SSL MitM to fail on Security Network Protection sensors](<http://www.ibm.com/support/docview.wss?uid=swg21992466>) | 2017-11-06 | 39 \n \n\\+ Tuning Parameters\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1987352](<http://www.ibm.com/support/docview.wss?uid=swg21987352>) | [IBM QRadar Network Security (IQNS) debug logging](<http://www.ibm.com/support/docview.wss?uid=swg21987352>) | 2018-05-01 | 1 \n[2008978](<http://www.ibm.com/support/docview.wss?uid=swg22008978>) | [IBM QRadar Network Security (XGS) Tuning Parameters for Certificate Authority (CA) health check](<http://www.ibm.com/support/docview.wss?uid=swg22008978>) | 2017-12-06 | 2 \n[1965103](<http://www.ibm.com/support/docview.wss?uid=swg21965103>) | [IBM QRadar Network Security IQNS (XGS) Tuning Parameters for System Alerts notifications](<http://www.ibm.com/support/docview.wss?uid=swg21965103>) | 2018-05-01 | 3 \n[1677865](<http://www.ibm.com/support/docview.wss?uid=swg21677865>) | [IBM QRadar Network Security IQNS (XGS) - Tuning parameter for large number of compressed HTTP sessions ](<http://www.ibm.com/support/docview.wss?uid=swg21677865>) | 2018-05-01 | 4 \n[1969502](<http://www.ibm.com/support/docview.wss?uid=swg21969502>) | [Preventing the TCP Reset in Passive Monitoring Mode on the Security Network IPS (GX) and the IBM QRadar Network Security IQNS (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21969502>) | 2018-05-01 | 5 \n[1997392](<http://www.ibm.com/support/docview.wss?uid=swg21997392>) | [Enabling and disabling flow control pause frames with tuning parameters on the IBM Security Network Protection XGS appliances](<http://www.ibm.com/support/docview.wss?uid=swg21997392>) | 2017-04-14 | 6 \n[1968100](<http://www.ibm.com/support/docview.wss?uid=swg21968100>) | [Detecting credit card numbers using the QRadar Network Security sensor](<http://www.ibm.com/support/docview.wss?uid=swg21968100>) | 2018-05-29 | 7 
\n[1986093](<http://www.ibm.com/support/docview.wss?uid=swg21986093>) | [pam.sweep.block.allow parameter can cause blocking issues on QRadar Network Security sensors](<http://www.ibm.com/support/docview.wss?uid=swg21986093>) | 2017-08-28 | 8 \n[2000597](<http://www.ibm.com/support/docview.wss?uid=swg22000597>) | [Ports do not come up after enabling HA on an XGS7100 at firmware 5.3.3.2](<http://www.ibm.com/support/docview.wss?uid=swg22000597>) | 2018-05-01 | 9 \n \n\\+ XPU\n\nDoc Number | Title | Last Updated | Popularity \n---|---|---|--- \n[1990298](<http://www.ibm.com/support/docview.wss?uid=swg21990298>) | [Updating Security Network Protection application databases via SiteProtector X-Press Update Server](<http://www.ibm.com/support/docview.wss?uid=swg21990298>) | 2017-04-17 | 1 \n[1903179](<http://www.ibm.com/support/docview.wss?uid=swg21903179>) | [IBM Proventia family PAM Content Update 35.050 - README](<http://www.ibm.com/support/docview.wss?uid=swg21903179>) | 2018-05-01 | 2 \n[2009168](<http://www.ibm.com/support/docview.wss?uid=swg22009168>) | [PAM XPU date differences on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22009168>) | 2017-10-18 | 3 \n[1963514](<http://www.ibm.com/support/docview.wss?uid=swg21963514>) | [URL Category Database, Web Application Database, and IP Reputation Database updates may fail due to Scanning IP reputation ](<http://www.ibm.com/support/docview.wss?uid=swg21963514>) | 2018-01-29 | 4 \n[1667616](<http://www.ibm.com/support/docview.wss?uid=swg21667616>) | [Rolling back an XPU on the Network Protection (XGS)](<http://www.ibm.com/support/docview.wss?uid=swg21667616>) | 2018-05-01 | 5 \n[2002781](<http://www.ibm.com/support/docview.wss?uid=swg22002781>) | [XPUs applied after firmware update is installed on QRadar Network Security](<http://www.ibm.com/support/docview.wss?uid=swg22002781>) | 2018-05-01 | 6 \n[1961531](<http://www.ibm.com/support/docview.wss?uid=swg21961531>) | [XPU version rolled back after 
updating Security Network Protection (XGS) firmware](<http://www.ibm.com/support/docview.wss?uid=swg21961531>) | 2017-10-16 | 7 \n[2000267](<http://www.ibm.com/support/docview.wss?uid=swg22000267>) | [XPU install or rollback can cause protection interfaces to recycle in Security Network Protection firmware 5.3.3.2](<http://www.ibm.com/support/docview.wss?uid=swg22000267>) | 2018-02-12 | 8 \n \n \n\n\n[{\"Product\":{\"code\":\"SSHLHV\",\"label\":\"IBM Security Network Protection\"},\"Business Unit\":{\"code\":\"BU008\",\"label\":\"Security\"},\"Component\":\"General Information\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-31T00:10:25", "type": "ibm", "title": "IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-0510", "CVE-2008-5161", "CVE-2010-5298", "CVE-2012-5667", "CVE-2013-4164", "CVE-2013-4492", "CVE-2013-5442", 
"CVE-2013-7423", "CVE-2013-7424", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-0963", "CVE-2014-2414", "CVE-2014-2532", "CVE-2014-3065", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3565", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-4607", "CVE-2014-4877", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-5355", "CVE-2014-6183", "CVE-2014-6189", "CVE-2014-6197", "CVE-2014-6457", "CVE-2014-6512", "CVE-2014-6558", "CVE-2014-8121", "CVE-2014-8139", "CVE-2014-8140", "CVE-2014-8141", "CVE-2014-8275", "CVE-2014-8730", "CVE-2014-9421", "CVE-2014-9422", "CVE-2014-9636", "CVE-2014-9645", "CVE-2015-0138", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0235", "CVE-2015-1283", "CVE-2015-1345", "CVE-2015-1781", "CVE-2015-1788", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-1819", "CVE-2015-2806", "CVE-2015-3183", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3238", "CVE-2015-3245", "CVE-2015-3246", "CVE-2015-3405", "CVE-2015-3416", "CVE-2015-3622", "CVE-2015-4000", "CVE-2015-5300", "CVE-2015-5352", "CVE-2015-5600", "CVE-2015-5621", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-7547", "CVE-2015-7704", "CVE-2015-8138", "CVE-2015-8325", "CVE-2015-8629", "CVE-2015-8631", "CVE-2016-0201", "CVE-2016-0634", "CVE-2016-0718", "CVE-2016-0787", "CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-3092", "CVE-2016-5542", "CVE-2016-5554", "CVE-2016-5556", "CVE-2016-5568", "CVE-2016-5573", "CVE-2016-5597", "CVE-2016-6210", "CVE-2016-6313", "CVE-2016-6515", "CVE-2016-7167", "CVE-2016-7543", "CVE-2016-8106", "CVE-2016-8610", "CVE-2016-9401", "CVE-2017-1000257", "CVE-2017-1000366", "CVE-2017-1457", "CVE-2017-1458", "CVE-2017-1491", "CVE-2017-3731", "CVE-2017-9800"], "modified": "2021-01-31T00:10:25", "id": "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "href": 
"https://www.ibm.com/support/pages/node/278867", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. ", "cvss3": {}, "published": "2015-07-30T13:56:25", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssh-6.9p1-3.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2015-07-30T13:56:25", "id": "FEDORA:27BE8609204C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I34XHQR3QNKKTQ3D2HCIZKINV6T2U3ZD/", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. 
SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. ", "cvss3": {}, "published": "2015-07-31T07:53:13", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssh-6.9p1-4.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2015-07-31T07:53:13", "id": "FEDORA:5CE3E6118DC1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FPGVSFLC3H6R6NDVFDGVA6WWJKWLQJUC/", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. 
This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. ", "cvss3": {}, "published": "2015-08-19T08:15:54", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssh-6.9p1-5.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2015-08-19T08:15:54", "id": "FEDORA:146EF61A1014", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T6YHP4GZIWTPLOODMEA3MXOY5ZL6HL2F/", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. 
", "cvss3": {}, "published": "2015-08-03T04:31:13", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: openssh-6.6.1p1-15.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9278", "CVE-2015-5600"], "modified": "2015-08-03T04:31:13", "id": "FEDORA:2E88760877A1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BCKAJFAJ7TEVSIOUC7SPLOOSUIC45K45/", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. 
", "cvss3": {}, "published": "2015-08-27T23:52:00", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: openssh-6.6.1p1-16.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2015-08-27T23:52:00", "id": "FEDORA:7B66961B84A2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JZUU27LN2QOKO6LRGGI27FVWO4X7PCUA/", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:02", "description": "Junos OS is prone to a restriction bypass vulnerability in OpenSSH.", "cvss3": {}, "published": "2015-11-24T00:00:00", "type": "openvas", "title": "Junos OpenSSH Restriction Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5600"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310106046", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106046", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_cve-2015-5600.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Junos OpenSSH Restriction Bypass Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free 
Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106046\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 11:15:58 +0700 (Tue, 24 Nov 2015)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2015-5600\");\n\n script_name(\"Junos OpenSSH Restriction Bypass Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n script_tag(name:\"summary\", value:\"Junos OS is prone to a restriction bypass vulnerability in OpenSSH.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability in OpenSSH may allow a remote network based\nattacker to effectively bypass 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842418\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:45:59 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2015-5600\", \"CVE-2015-5352\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssh USN-2710-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssh'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-2710-1 fixed vulnerabilities in OpenSSH.\nThe upstream fix for CVE-2015-5600 caused a regression resulting in random\nauthentication failures in non-default configurations. This update fixes the\nproblem.\n\nOriginal advisory details:\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames when\nusing PAM authentication. If an additional vulnerability were discovered in\nthe OpenSSH unprivileged child process, this issue could allow a remote\nattacker to perform user impersonation. (CVE number pending)\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory\nwhen using PAM authentication. 
If an additional vulnerability were\ndiscovered in the OpenSSH unprivileged child process, this issue could\nallow a remote attacker to bypass authentication or possibly execute\narbitrary code. (CVE number pending)\nJann Horn discovered that OpenSSH incorrectly handled time windows for\nX connections. A remote attacker could use this issue to bypass certain\naccess restrictions. (CVE-2015-5352)\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive\nauthentication. In a non-default configuration, a remote attacker could\npossibly use this issue to perform a brute-force password attack.\n(CVE-2015-5600)\");\n script_tag(name:\"affected\", value:\"openssh on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2710-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2710-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:6.6p1-2ubuntu2.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:5.9p1-5ubuntu1.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", 
"cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-11T00:00:00", "type": "openvas", "title": "Fedora Update for openssh FEDORA-2015-12054", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2014-9278"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869834", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869834", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssh FEDORA-2015-12054\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869834\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-11 11:56:26 +0530 (Tue, 11 Aug 2015)\");\n script_cve_id(\"CVE-2015-5600\", \"CVE-2014-9278\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssh FEDORA-2015-12054\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssh'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssh on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-12054\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163045.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.6.1p1~15.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-11-20T00:00:00", "type": "openvas", "title": "RedHat Update for openssh RHSA-2015:2088-06", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-6563"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871506", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871506", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssh RHSA-2015:2088-06\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871506\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:27:06 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssh RHSA-2015:2088-06\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssh'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSH is OpenBSD's SSH (Secure Shell)\nprotocol implementation. These packages include the core files necessary for both\nthe OpenSSH client and server.\n\nA flaw was found in the way OpenSSH handled PAM authentication when using\nprivilege separation. An attacker with valid credentials on the system and\nable to fully compromise a non-privileged pre-authentication process using\na different flaw could use this flaw to authenticate as other users.\n(CVE-2015-6563)\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully\ncompromise a non-privileged pre-authentication process using a different\nflaw could possibly cause sshd to crash or execute arbitrary code with\nroot privileges. 
(CVE-2015-6564)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of\nkeyboard-interactive authentication methods for duplicates. A remote\nattacker could use this flaw to bypass the MaxAuthTries limit, making it\neasier to perform password guessing attacks. (CVE-2015-5600)\n\nIt was found that the OpenSSH ssh-agent, a program to hold private keys\nused for public key authentication, was vulnerable to password guessing\nattacks. An attacker able to connect to the agent could use this flaw to\nconduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)\n\nThis update fixes the following bugs:\n\n * Previously, the sshd_config(5) man page was misleading and could thus\nconfuse the user. This update improves the man page text to clearly\ndescribe the AllowGroups feature. (BZ#1150007)\n\n * The limit for the function for restricting the number of files listed\nusing the wildcard character (*) that prevents the Denial of Service (DoS)\nfor both server and client was previously set too low. Consequently, the\nuser reaching the limit was prevented from listing a directory with a large\nnumber of files over Secure File Transfer Protocol (SFTP). This update\nincreases the aforementioned limit, thus fixing this bug. (BZ#1160377)\n\n * When the ForceCommand option with a pseudoterminal was used and the\nMaxSession option was set to '2', multiplexed SSH connections did not work\nas expected. After the user attempted to open a second multiplexed\nconnection, the attempt failed if the first connection was still open. This\nupdate modifies OpenSSH to issue only one audit message per session, and\nthe user is thus able to open two multiplexed connections in this\nsituation. (BZ#1199112)\n\n * The ssh-copy-id utility failed if the account on the remote server did\nnot use an sh-like shell. 
Remote commands have been modified to run in an\nsh-like shell, and ssh-copy-id now works also with non-sh-like she ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"openssh on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2088-06\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00018.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.6.1p1~22.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssh-askpass\", rpm:\"openssh-askpass~6.6.1p1~22.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssh-clients\", rpm:\"openssh-clients~6.6.1p1~22.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssh-debuginfo\", rpm:\"openssh-debuginfo~6.6.1p1~22.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssh-keycat\", rpm:\"openssh-keycat~6.6.1p1~22.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssh-server\", 
rpm:\"openssh-server~6.6.1p1~22.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:07", "description": "This host is running OpenSSH and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2015-09-15T00:00:00", "type": "openvas", "title": "OpenSSH Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-6563"], "modified": "2019-05-22T00:00:00", "id": "OPENVAS:1361412562310806052", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806052", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# OpenSSH Multiple Vulnerabilities\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openbsd:openssh\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806052\");\n script_version(\"2019-05-22T07:58:25+0000\");\n script_cve_id(\"CVE-2015-6564\", \"CVE-2015-6563\", \"CVE-2015-5600\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-22 07:58:25 +0000 (Wed, 22 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-09-15 10:17:32 +0530 (Tue, 15 Sep 2015)\");\n script_name(\"OpenSSH Multiple Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssh_consolidation.nasl\");\n script_mandatory_keys(\"openssh/detected\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/fulldisclosure/2015/Aug/54\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/07/23/4\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSH and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Use-after-free vulnerability in the 'mm_answer_pam_free_ctx' function in\n monitor.c in sshd.\n\n - Vulnerability in 'kbdint_next_device' function in auth2-chall.c in sshd.\n\n - Vulnerability in the handler for the MONITOR_REQ_PAM_FREE_CTX request.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will 
allow an attacker\n to gain privileges, to conduct impersonation attacks, to conduct brute-force\n attacks or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"OpenSSH versions before 7.0.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSH 7.0 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_is_less( version:vers, test_version:\"7.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"7.0\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-03-17T22:59:34", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-625)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-6563"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120615", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120615", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, 
or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120615\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:51:26 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-625)\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.A use-after-free flaw was found in OpenSSH. 
An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.\");\n script_tag(name:\"solution\", value:\"Run yum update openssh to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-625.html\");\n script_cve_id(\"CVE-2015-6563\", \"CVE-2015-5600\", \"CVE-2015-6564\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.6.1p1~22.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-server\", rpm:\"openssh-server~6.6.1p1~22.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"auth\", rpm:\"auth~0.9.3~9.22.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-keycat\", rpm:\"openssh-keycat~6.6.1p1~22.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-ldap\", rpm:\"openssh-ldap~6.6.1p1~22.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"openssh-debuginfo\", rpm:\"openssh-debuginfo~6.6.1p1~22.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-clients\", rpm:\"openssh-clients~6.6.1p1~22.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-28T00:00:00", "type": "openvas", "title": "Fedora Update for openssh FEDORA-2015-13469", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-6563"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869911", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869911", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssh FEDORA-2015-13469\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869911\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-28 05:03:49 +0200 (Fri, 28 Aug 2015)\");\n script_cve_id(\"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssh FEDORA-2015-13469\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssh'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssh on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-13469\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.6.1p1~16.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:28", "description": "Oracle Linux Local Security Checks ELSA-2015-2088", "cvss3": {}, "published": "2015-11-24T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2088", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-6563"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122744", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2088.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122744\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:17:20 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2088\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2088 - openssh security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2088\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2088.html\");\n script_cve_id(\"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = 
isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.6.1p1~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssh-askpass\", rpm:\"openssh-askpass~6.6.1p1~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssh-clients\", rpm:\"openssh-clients~6.6.1p1~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssh-keycat\", rpm:\"openssh-keycat~6.6.1p1~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssh-ldap\", rpm:\"openssh-ldap~6.6.1p1~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssh-server\", rpm:\"openssh-server~6.6.1p1~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssh-server-sysvinit\", rpm:\"openssh-server-sysvinit~6.6.1p1~22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"pam_ssh_agent_auth\", rpm:\"pam_ssh_agent_auth~0.9.3~9.22.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:59", "description": "Gentoo Linux Local Security Checks GLSA 201512-04", "cvss3": {}, "published": "2015-12-22T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201512-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6565", "CVE-2015-6563"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121426", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201512-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121426\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-22 06:47:49 +0200 (Tue, 22 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201512-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in OpenSSH. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201512-04\");\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\", \"CVE-2015-6565\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201512-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/openssh\", unaffected: make_list(\"ge 7.1_p1-r2\"), vulnerable: make_list(\"lt 7.1_p1-r2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-01-29T20:09:27", "description": "Several vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol suite:\n\nCVE-2015-5352\n\nOpenSSH incorrectly verified time window deadlines for X connections.\nRemote attackers could take advantage of this flaw to bypass intended\naccess restrictions. 
Reported by Jann Horn.\n\nCVE-2015-5600\n\nOpenSSH improperly restricted the processing of keyboard-interactive\ndevices within a single connection, which could allow remote attackers\nto perform brute-force attacks or cause a denial of service, in a\nnon-default configuration.\n\nCVE-2015-6563\n\nOpenSSH incorrectly handled usernames during PAM authentication. In\nconjunction with an additional flaw in the OpenSSH unprivileged child\nprocess, remote attackers could make use of this issue to perform user\nimpersonation. Discovered by Moritz Jodeit.\n\nCVE-2015-6564\n\nMoritz Jodeit discovered a use-after-free flaw in PAM support in\nOpenSSH, that could be used by remote attackers to bypass\nauthentication or possibly execute arbitrary code.\n\nCVE-2016-1908\n\nOpenSSH mishandled untrusted X11 forwarding when the X server disables\nthe SECURITY extension. Untrusted connections could obtain trusted X11\nforwarding privileges. Reported by Thomas Hoger.\n\nCVE-2016-3115\n\nOpenSSH improperly handled X11 forwarding data related to\nauthentication credentials. Remote authenticated users could make use\nof this flaw to bypass intended shell-command restrictions. Identified\nby github.com/tintinweb.\n\nCVE-2016-6515\n\nOpenSSH did not limit password lengths for password authentication.\nRemote attackers could make use of this flaw to cause a denial of\nservice via long strings.\n\nCVE-2016-10009\n\nJann Horn discovered an untrusted search path vulnerability in\nssh-agent allowing remote attackers to execute arbitrary local\nPKCS#11 modules by leveraging control over a forwarded agent-socket.\n\nCVE-2016-10011\n\nJann Horn discovered that OpenSSH did not properly consider the\neffects of realloc on buffer contents. 
This may allow local users to\nobtain sensitive private-key information by leveraging access to a\nprivilege-separated child process.\n\nCVE-2016-10012\n\nGuido Vranken discovered that the OpenSSH shared memory manager\ndid not ensure that a bounds check was enforced by all compilers,\nwhich could allow local users to gain privileges by leveraging access\nto a sandboxed privilege-separation process.\n\nCVE-2016-10708\n\nNULL pointer dereference and daemon crash via an out-of-sequence\nNEWKEYS message.\n\nCVE-2017-15906\n\nMichal Zalewski reported that OpenSSH improperly prevented write\noperations in readonly mode, allowing attackers to create zero-length\nfiles.", "cvss3": {}, "published": "2018-09-10T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for openssh (DLA-1500-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2016-1908", "CVE-2016-10708", "CVE-2016-10011", "CVE-2015-6564", "CVE-2016-10009", "CVE-2016-6515", "CVE-2015-5352", "CVE-2016-3115", "CVE-2017-15906", "CVE-2016-10012", "CVE-2015-6563"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891500", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891500\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\", \"CVE-2016-10009\",\n \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-10708\", \"CVE-2016-1908\", \"CVE-2016-3115\",\n \"CVE-2016-6515\", \"CVE-2017-15906\");\n script_name(\"Debian LTS: Security Advisory for openssh (DLA-1500-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-10 00:00:00 +0200 (Mon, 10 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"openssh on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:6.7p1-5+deb8u6.\n\nWe recommend that you upgrade your openssh packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol 
suite:\n\nCVE-2015-5352\n\nOpenSSH incorrectly verified time window deadlines for X connections.\nRemote attackers could take advantage of this flaw to bypass intended\naccess restrictions. Reported by Jann Horn.\n\nCVE-2015-5600\n\nOpenSSH improperly restricted the processing of keyboard-interactive\ndevices within a single connection, which could allow remote attackers\nto perform brute-force attacks or cause a denial of service, in a\nnon-default configuration.\n\nCVE-2015-6563\n\nOpenSSH incorrectly handled usernames during PAM authentication. In\nconjunction with an additional flaw in the OpenSSH unprivileged child\nprocess, remote attackers could make use if this issue to perform user\nimpersonation. Discovered by Moritz Jodeit.\n\nCVE-2015-6564\n\nMoritz Jodeit discovered a use-after-free flaw in PAM support in\nOpenSSH, that could be used by remote attackers to bypass\nauthentication or possibly execute arbitrary code.\n\nCVE-2016-1908\n\nOpenSSH mishandled untrusted X11 forwarding when the X server disables\nthe SECURITY extension. Untrusted connections could obtain trusted X11\nforwarding privileges. Reported by Thomas Hoger.\n\nCVE-2016-3115\n\nOpenSSH improperly handled X11 forwarding data related to\nauthentication credentials. Remote authenticated users could make use\nof this flaw to bypass intended shell-command restrictions. Identified\nby github.com/tintinweb.\n\nCVE-2016-6515\n\nOpenSSH did not limit password lengths for password authentication.\nRemote attackers could make use of this flaw to cause a denial of\nservice via long strings.\n\nCVE-2016-10009\n\nJann Horn discovered an untrusted search path vulnerability in\nssh-agent allowing remote attackers to execute arbitrary local\nPKCS#11 modules by leveraging control over a forwarded agent-socket.\n\nCVE-2016-10011\n\nJann Horn discovered that OpenSSH did not properly consider the\neffects of realloc on buffer contents. 
This may allow local users to\nobtain sensitive private-key information by leveraging access to a\nprivilege-separated child process.\n\nCVE-2016-10012\n\nGuido Vranken discovered that the OpenSSH shared memory manager\ndid not ensure that a bounds check was enforced by all compilers,\nwhich could allow local users to gain privileges by leveraging access\nto a sandboxed privilege-separation process.\n\nCVE-2016-10708\n\nNULL pointer dereference and daemon crash via an out-of-sequence\nNEWKEYS message.\n\nCVE-2017-15906\n\nMichal Zalewski reported that OpenSSH improperly prevent write\noperations in readonly mode, allowing attackers to create zero-length\nfiles.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"openssh-client\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssh-sftp-server\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ssh\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ssh-askpass-gnome\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ssh-krb5\", ver:\"1:6.7p1-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:15:49", "description": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through\n6.9 does not properly restrict the processing of keyboard-interactive\ndevices 
within a single connection, which makes it easier for remote\nattackers to conduct brute-force attacks or cause a denial of service (CPU\nconsumption) via a long and duplicative list in the ssh\n-oKbdInteractiveDevices option, as demonstrated by a modified client that\nprovides a different password for each pam element on this list.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | Only affects systems with KbdInteractiveAuthentication set to 'yes'. By default, that option is set to 'no' in Ubuntu.\n", "cvss3": {}, "published": "2015-08-02T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5600", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2015-08-02T00:00:00", "id": "UB:CVE-2015-5600", "href": "https://ubuntu.com/security/CVE-2015-5600", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:58", "description": "USN-2710-1 OpenSSH Vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nOpenSSH\n\n# Versions Affected\n\n * Ubuntu 14.04 \n\n# Description\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation.\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. 
If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code.\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for X connections. A remote attacker could use this issue to bypass certain access restrictions.\n\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive authentication. In a non-default configuration, a remote attacker could possibly use this issue to perform a brute-force password attack.\n\nNote that USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. USN-2710-2 update fixes the problem.\n\nThe Cloud Foundry project released a BOSH stemcell version 3048 and a cflinuxfs2 rootfs stack that have the patched version of OpenSSH.\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * All versions of Cloud Foundry BOSH stemcells prior to 3042 have versions of OpenSSH vulnerable to USN-2710-1. \n * All versions of Cloud Foundry cflinuxfs2 prior to 1.5.0 have versions of OpenSSH vulnerable to USN-2710-1. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcells 3048 or later versions, and cflinuxfs2 version 1.5.0 or later versions. 
\n\n# Credit\n\nMoritz Jodeit and Jann Horn\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2710-1/>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "cloudfoundry", "title": "USN-2710-1 OpenSSH Vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2015-09-08T00:00:00", "id": "CFOUNDRY:28883491CAD3C04ED61F2AE814DD1633", "href": "https://www.cloudfoundry.org/blog/usn-2710-1/", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "nessus": [{"lastseen": "2023-01-30T14:51:56", "description": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. 
(CVE-2015-5600)", "cvss3": {}, "published": "2016-02-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSH vulnerability (K17113)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL17113.NASL", "href": "https://www.tenable.com/plugins/nessus/88812", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K17113.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88812);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-5600\");\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSH vulnerability (K17113)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH\nthrough 6.9 does not properly restrict the processing of\nkeyboard-interactive devices within a single connection, which makes\nit easier for remote attackers to conduct brute-force attacks or cause\na denial of service (CPU consumption) via a long and duplicative list\nin the ssh -oKbdInteractiveDevices option, as demonstrated by a\nmodified client that provides a different password for each pam\nelement on this list. (CVE-2015-5600)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17113\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K17113.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K17113\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.3.0-11.5.3\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"12.0.0HF3\",\"11.6.1-11.6.3\",\"11.5.4-11.5.7\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.4.0-11.5.3\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"12.0.0HF3\",\"11.6.1-11.6.3\",\"11.5.4-11.5.7\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"12.0.0HF3\",\"11.6.1-11.6.3\",\"11.5.4-11.5.7\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"12.0.0HF3\",\"11.6.1-11.6.3\",\"11.5.4-11.5.7\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.3\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"12.0.0HF3\",\"11.6.1-11.6.3\",\"11.5.4-11.5.7\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1-11.6.3\",\"11.5.4-11.5.7\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = 
make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"12.0.0HF3\",\"11.6.1-11.6.3\",\"11.5.4-11.5.7\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"12.0.0HF3\",\"11.6.1-11.6.3\",\"11.5.4-11.5.7\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.3.0-11.5.3\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.3\",\"12.0.0HF3\",\"11.6.1-11.6.3\",\"11.5.4-11.5.7\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:56:06", "description": "In Debian LTS (squeeze), the fix for CVE-2015-5600[1] in openssh 1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the keyboard-interactive method. Thanks to Colin Watson for making aware of that.\n\nThe patch fixing CVE-2015-5600 introduces the field 'devices_done' to the KbdintAuthctxt struct, but does not initialize the field in the kbdint_alloc() function. On Linux, this ends up filling that field with junk data. 
The result of this are random login failures when keyboard-interactive authentication is used.\n\nThis upload of openssh 1:5.5p1-6+squeeze7 to Debian LTS (squeeze) adds that initialization of the `devices_done` field alongside the existing initialization code.\n\nPeople relying on keyboard-interactive based authentication mechanisms with OpenSSH on Debian squeeze(-lts) systems are recommended to upgrade OpenSSH to 1:5.5p1-6+squeeze7.\n\n[1] https://lists.debian.org/debian-lts-announce/2015/08/msg00001.html\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-08-10T00:00:00", "type": "nessus", "title": "Debian DLA-288-2 : openssh regression update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssh-client", "p-cpe:/a:debian:debian_linux:openssh-client-udeb", "p-cpe:/a:debian:debian_linux:openssh-server", "p-cpe:/a:debian:debian_linux:openssh-server-udeb", "p-cpe:/a:debian:debian_linux:ssh", "p-cpe:/a:debian:debian_linux:ssh-askpass-gnome", "p-cpe:/a:debian:debian_linux:ssh-krb5", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-288.NASL", "href": "https://www.tenable.com/plugins/nessus/85278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive 
text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-288-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85278);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5600\");\n\n script_name(english:\"Debian DLA-288-2 : openssh regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In Debian LTS (squeeze), the fix for CVE-2015-5600[1] in openssh\n1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the\nkeyboard-interactive method. Thanks to Colin Watson for making aware\nof that.\n\nThe patch fixing CVE-2015-5600 introduces the field 'devices_done' to\nthe KbdintAuthctxt struct, but does not initialize the field in the\nkbdint_alloc() function. On Linux, this ends up filling that field\nwith junk data. The result of this are random login failures when\nkeyboard-interactive authentication is used.\n\nThis upload of openssh 1:5.5p1-6+squeeze7 to Debian LTS (squeeze) adds\nthat initialization of the `devices_done` field alongside the existing\ninitialization code.\n\nPeople relying on keyboard-interactive based authentication mechanisms\nwith OpenSSH on Debian squeeze(-lts) systems are recommended to\nupgrade OpenSSH to 1:5.5p1-6+squeeze7.\n\n[1] https://lists.debian.org/debian-lts-announce/2015/08/msg00001.html\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/08/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/09/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/openssh\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh-client-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh-server-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ssh-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"openssh-client\", reference:\"1:5.5p1-6+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssh-client-udeb\", reference:\"1:5.5p1-6+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssh-server\", reference:\"1:5.5p1-6+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssh-server-udeb\", reference:\"1:5.5p1-6+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ssh\", reference:\"1:5.5p1-6+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ssh-askpass-gnome\", reference:\"1:5.5p1-6+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ssh-krb5\", reference:\"1:5.5p1-6+squeeze7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-31T14:19:36", "description": "Security fix for CVE-2015-5600\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-07-31T00:00:00", "type": "nessus", "title": "Fedora 22 : openssh-6.9p1-3.fc22 (2015-11981)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssh", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-11981.NASL", "href": "https://www.tenable.com/plugins/nessus/85133", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-11981.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85133);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5600\");\n script_xref(name:\"FEDORA\", value:\"2015-11981\");\n\n script_name(english:\"Fedora 22 : openssh-6.9p1-3.fc22 (2015-11981)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-5600\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security 
advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1245969\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2764763e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"openssh-6.9p1-3.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-29T14:41:07", "description": "It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. 
A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (5b74a5bc-348f-11e5-ba05-c80aa9043978)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:openssh-portable", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_5B74A5BC348F11E5BA05C80AA9043978.NASL", "href": "https://www.tenable.com/plugins/nessus/85033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85033);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5600\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:16.openssh\");\n\n script_name(english:\"FreeBSD : OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (5b74a5bc-348f-11e5-ba05-c80aa9043978)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the OpenSSH sshd daemon did not check the list\nof keyboard-interactive authentication methods for 
duplicates. A\nremote attacker could use this flaw to bypass the MaxAuthTries limit,\nmaking it easier to perform password guessing attacks.\"\n );\n # https://access.redhat.com/security/cve/CVE-2015-5600\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5600\"\n );\n # https://vuxml.freebsd.org/freebsd/5b74a5bc-348f-11e5-ba05-c80aa9043978.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b40b3cd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssh-portable\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssh-portable<6.9.p1_2,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:57:06", "description": "The remote SSH server is affected by a security bypass vulnerability due to a flaw in the keyboard-interactive authentication mechanisms.\nThe kbdint_next_device() function in auth2-chall.c improperly restricts the processing of keyboard-interactive devices within a single connection. 
A remote attacker can exploit this, via a crafted keyboard-interactive 'devices' string, to bypass the normal restriction of 6 login attempts (MaxAuthTries), resulting in the ability to conduct a brute-force attack or cause a denial of service condition.", "cvss3": {}, "published": "2015-09-24T00:00:00", "type": "nessus", "title": "OpenSSH MaxAuthTries Bypass", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2020-06-12T00:00:00", "cpe": ["cpe:/a:openbsd:openssh"], "id": "OPENSSH_MAXAUTHTRIES_BRUTEFORCE.NASL", "href": "https://www.tenable.com/plugins/nessus/86122", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86122);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\n\n script_cve_id(\"CVE-2015-5600\");\n script_bugtraq_id(75990);\n\n script_name(english:\"OpenSSH MaxAuthTries Bypass\");\n script_summary(english:\"Attempts to bypass MaxAuthTries to allow password brute-force attack.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The SSH server running on the remote host is affected by a security\nbypass vulnerability that allows password brute-force attacks.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SSH server is affected by a security bypass vulnerability\ndue to a flaw in the keyboard-interactive authentication mechanisms.\nThe kbdint_next_device() function in auth2-chall.c 
improperly\nrestricts the processing of keyboard-interactive devices within a\nsingle connection. A remote attacker can exploit this, via a crafted\nkeyboard-interactive 'devices' string, to bypass the normal\nrestriction of 6 login attempts (MaxAuthTries), resulting in the\nability to conduct a brute-force attack or cause a denial of service\ncondition.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssh.com/txt/release-7.0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSH 7.0 or later.\n\nAlternatively, this vulnerability can be mitigated on some Linux\ndistributions by disabling the keyboard-interactive authentication\nmethod. This can be done on Red Hat Linux by setting\n'ChallengeResponseAuthentication' to 'no' in the /etc/ssh/sshd_config\nconfiguration file and restarting the sshd service.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openbsd:openssh\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_detect.nasl\");\n 
script_require_ports(\"Services/ssh\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\n\n\nenable_ssh_wrappers();\n\nglobal_var ERR_AUTH_SUCCESS, ERR_PASSWORD_CHANGE, ERR_PASSWORD_NOT_SUPP;\nchecking_default_account_dont_report = TRUE;\n\nERR_AUTH_SUCCESS = 0;\nERR_PASSWORD_CHANGE = -1;\nERR_PASSWORD_NOT_SUPP = -2;\n\nfunction rand_auth()\n{\n return 'nessus_' + rand_str(length:8, charset:\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\");\n}\n\n##\n# Attempts MaxAuthTries Brute-force via SSHv2 authentication using the keyboard interactive method\n#\n# @remark See RFC 4256 for details of keyboard-interactive auth.\n#\n# @param password Password to attempt to log in with.\n# @param user Username to attempt to log in with.\n# @param submethods Optional comma-separated list of authentication submethods\n#\n# @return number of attempts or <= 0 for error.\n##\nfunction ssh_auth_keyboard_bruteforce(password, user, submethods, port)\n{\n local_var attempts, code, crap, kb_ok, next, payload, prompt, prompts, res, inst;\n\n if (isnull(submethods)) submethods = \"\";\n if (isnull(password) || password == \"\") password = rand_auth(); \n\n # Request keyboard-interactive authentication from the server.\n payload =\n putstring(buffer:user) +\n putstring(buffer:\"ssh-connection\") +\n putstring(buffer:\"keyboard-interactive\") +\n putstring(buffer:\"en-US\") +\n putstring(buffer:submethods);\n\n send_ssh_packet(code:SSH_MSG_USERAUTH_REQUEST, payload:payload);\n\n # Read the server's response.\n res = recv_ssh_packet();\n code = ord(res[0]);\n next = 1;\n\n if (code == SSH_MSG_USERAUTH_FAILURE)\n {\n # Not vuln\n return 1;\n }\n\n if (code == SSH_MSG_UNIMPLEMENTED)\n {\n # Doesn't support SSH_MSG_USERAUTH_REQUEST so doesn't support keyboard-interactive.\n ssh_close_connection();\n exit(0, \"The SSH service 
listening on port \"+port+\" does not support 'keyboard-interactive' authentication.\");\n }\n\n if (code != SSH_MSG_USERAUTH_INFO_REQUEST)\n {\n ssh_close_connection();\n exit(1, \"Server did not reply with SSH_MSG_USERAUTH_INFO_REQUEST during\"+'\\n'+\"keyboard-interactive exchange. It replied with : \" + code + \".\");\n }\n\n # Skip over name.\n crap = getstring(buffer:res, pos:next);\n next += 4 + strlen(crap);\n\n # Skip over instruction.\n inst = getstring(buffer:res, pos:next);\n next += 4 + strlen(inst);\n\n # Skip over language.\n crap = getstring(buffer:res, pos:next);\n next += 4 + strlen(crap);\n\n # Parse number of prompts.\n prompts = ntol(buffer:res, begin:next);\n next += 4;\n\n kb_ok = FALSE;\n if (prompts > 0)\n {\n prompt = getstring(buffer:res, pos:next);\n #\n # nb: Alcatel OS switches have a bug in their SSH server which make the prompt be a single space.\n if (\n buffer_contains_password_prompt(prompt, user) ||\n \"'s password for keyboard-interactive method:\" >< inst\n )\n {\n if ( \"'s password for keyboard-interactive method:\" >< inst && prompt == \" \") AOS_SSH = TRUE;\n kb_ok = TRUE;\n }\n }\n\n if (!kb_ok)\n {\n return ERR_PASSWORD_NOT_SUPP;\n }\n\n attempts = 1;\n # Put limit on attempts to be sure this loop will exit.\n while (attempts <= 50)\n {\n # Send a single response, containing the password, to server.\n SSH_PACKET_LOG_SCRUB_STRING = password;\n payload = raw_int32(i:1) + putstring(buffer:password);\n send_ssh_packet(code:SSH_MSG_USERAUTH_INFO_RESPONSE, payload:payload);\n SSH_PACKET_LOG_SCRUB_STRING = FALSE;\n\n # Read response from server.\n res = recv_ssh_packet();\n code = ord(res[0]);\n if (code == SSH_MSG_USERAUTH_INFO_REQUEST)\n {\n if (\n \"Changing password for \" >< res || # HPUX\n \"Password change requested\" >< res || # SuSE 10\n \"Password changing requested\" >< res || # SuSE 9\n \"Your password has expired\" >< res || # Solaris\n \"New Password\" >< res || # FreeBSD\n \"You are required to change your 
password\" >< res # Gentoo\n )\n {\n return ERR_PASSWORD_CHANGE;\n }\n }\n else if (code == SSH_MSG_USERAUTH_SUCCESS)\n {\n # Auth succeeded this shouldn't happen.\n return ERR_AUTH_SUCCESS;\n }\n else\n {\n break;\n }\n\n attempts += 1;\n }\n\n return attempts;\n}\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\n# Bad username/password\nuser = rand_auth();\npassword = rand_auth();\n\nport = get_service(svc:\"ssh\", exit_on_fail:TRUE);\n\n_ssh_socket = open_sock_tcp(port);\nif (!_ssh_socket) audit(AUDIT_SOCK_FAIL, port);\n\n# initialization\ninit();\nserver_version = ssh_exchange_identification();\nif (!server_version)\n{\n ssh_close_connection();\n exit(1, get_ssh_error());\n}\n\n_ssh_server_version = server_version;\n\n# key exchange\nret = ssh_kex2(server_version:server_version, nofingerprint:TRUE);\nif (ret != 0)\n{\n ssh_close_connection();\n exit(1, get_ssh_error());\n}\n\nif (!ssh_req_svc(\"ssh-userauth\"))\n{\n ssh_close_connection();\n exit(0, \"The SSH service listening on port \"+port+\" does not support 'ssh-userauth'.\");\n}\n\nif (!ssh_auth_supported(method:\"keyboard-interactive\", user:user))\n{\n ssh_close_connection();\n exit(0, \"The SSH service listening on port \"+port+\" does not support 'keyboard-interactive' authentication.\");\n}\n\nvuln = FALSE;\nattempts = -1;\n# Try an attempt with no devices set followed by one with 2 set.\n# First attempt checks normal attempt and sets attempts baseline.\n# Second attempt should see an increase matching the number of devices.\n# In this case two.\n# If an increase in attempts that matches the number of devices passed is\n# detected then the openssh service is vulnerable.\nfor (i=0; i < 3; i+=2)\n{\n prev_attempts = attempts;\n submethods = crap(data:\"p,\", length:i*2);\n attempts = ssh_auth_keyboard_bruteforce(user:user, password:password, submethods:submethods, port:port);\n if (attempts == ERR_PASSWORD_CHANGE)\n {\n ssh_close_connection();\n exit(1, \"Couldn't determine, target 
requested password change.\");\n }\n else if (attempts == ERR_AUTH_SUCCESS)\n {\n ssh_close_connection();\n exit(1, \"Couldn't determine, authentication with account \" + user + \" succeeded.\");\n }\n else if (attempts == ERR_PASSWORD_NOT_SUPP)\n {\n # Not vuln\n break;\n }\n else if (attempts == i && attempts > prev_attempts)\n {\n vuln = TRUE;\n break;\n }\n}\n\nssh_close_connection();\n\nif (vuln)\n{\n security_hole(port:port);\n}\nelse\n{\n audit(AUDIT_LISTEN_NOT_VULN, \"SSH\", port);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:58:17", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (John Haxby) [orabug 22985024]\n\n - CVE-2016-3115: missing sanitisation of input for X11 forwarding (John Haxby) [orabug 22985024]", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.7}, "published": "2016-06-22T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : openssh (OVMSA-2016-0070)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", 
"CVE-2016-3115"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssh", "p-cpe:/a:oracle:vm:openssh-clients", "p-cpe:/a:oracle:vm:openssh-server", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2016-0070.NASL", "href": "https://www.tenable.com/plugins/nessus/91750", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0070.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91750);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5600\", \"CVE-2016-3115\");\n\n script_name(english:\"OracleVM 3.2 : openssh (OVMSA-2016-0070)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - CVE-2015-5600: MaxAuthTries limit bypass via duplicates\n in KbdInteractiveDevices (John Haxby) [orabug 22985024]\n\n - CVE-2016-3115: missing sanitisation of input for X11\n forwarding (John Haxby) [orabug 22985024]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000482.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openssh / openssh-clients / openssh-server\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"openssh-4.3p2-82.0.2.el5\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"openssh-clients-4.3p2-82.0.2.el5\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"openssh-server-4.3p2-82.0.2.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-clients / openssh-server\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:53:11", "description": "Updated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.\n\nIt was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. 
(CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600)\n\nAll openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.7}, "published": "2016-03-22T00:00:00", "type": "nessus", "title": "RHEL 6 : openssh (RHSA-2016:0466)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssh", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass", "p-cpe:/a:redhat:enterprise_linux:openssh-clients", "p-cpe:/a:redhat:enterprise_linux:openssh-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssh-ldap", "p-cpe:/a:redhat:enterprise_linux:openssh-server", "p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth", 
"cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2016-0466.NASL", "href": "https://www.tenable.com/plugins/nessus/90079", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0466. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90079);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5600\", \"CVE-2016-3115\");\n script_xref(name:\"RHSA\", value:\"2016:0466\");\n\n script_name(english:\"RHEL 6 : openssh (RHSA-2016:0466)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssh packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client\nand server.\n\nIt was discovered that the OpenSSH server did not sanitize data\nreceived in requests to enable X11 forwarding. An authenticated client\nwith restricted SSH access could possibly use this flaw to bypass\nintended restrictions. (CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list\nof keyboard-interactive authentication methods for duplicates. 
A\nremote attacker could use this flaw to bypass the MaxAuthTries limit,\nmaking it easier to perform password guessing attacks. (CVE-2015-5600)\n\nAll openssh users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the OpenSSH server daemon (sshd) will be\nrestarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3115\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0466\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssh-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssh-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssh-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssh-askpass-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssh-askpass-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssh-askpass-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssh-clients-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssh-clients-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssh-clients-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssh-debuginfo-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"openssh-ldap-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssh-ldap-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssh-ldap-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssh-server-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssh-server-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssh-server-5.3p1-114.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"pam_ssh_agent_auth-0.9.3-114.el6_7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:53:09", "description": "From Red Hat Security Advisory 2016:0466 :\n\nUpdated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.\n\nIt was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. 
(CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600)\n\nAll openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.7}, "published": "2016-03-22T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : openssh (ELSA-2016-0466)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssh", "p-cpe:/a:oracle:linux:openssh-askpass", "p-cpe:/a:oracle:linux:openssh-clients", "p-cpe:/a:oracle:linux:openssh-ldap", "p-cpe:/a:oracle:linux:openssh-server", "p-cpe:/a:oracle:linux:pam_ssh_agent_auth", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2016-0466.NASL", "href": "https://www.tenable.com/plugins/nessus/90075", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0466 and \n# Oracle Linux Security Advisory ELSA-2016-0466 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90075);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5600\", \"CVE-2016-3115\");\n script_xref(name:\"RHSA\", value:\"2016:0466\");\n\n script_name(english:\"Oracle Linux 6 : openssh (ELSA-2016-0466)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0466 :\n\nUpdated openssh packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client\nand server.\n\nIt was discovered that the OpenSSH server did not sanitize data\nreceived in requests to enable X11 forwarding. An authenticated client\nwith restricted SSH access could possibly use this flaw to bypass\nintended restrictions. (CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list\nof keyboard-interactive authentication methods for duplicates. 
A\nremote attacker could use this flaw to bypass the MaxAuthTries limit,\nmaking it easier to perform password guessing attacks. (CVE-2015-5600)\n\nAll openssh users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the OpenSSH server daemon (sshd) will be\nrestarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-March/005877.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2016/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssh-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssh-askpass-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssh-clients-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssh-ldap-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssh-server-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"pam_ssh_agent_auth-0.9.3-114.el6_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-ldap / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:53:10", "description": "It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. (CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. 
(CVE-2015-5600)\n\nAfter installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.7}, "published": "2016-03-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20160321)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssh", "p-cpe:/a:fermilab:scientific_linux:openssh-askpass", "p-cpe:/a:fermilab:scientific_linux:openssh-clients", "p-cpe:/a:fermilab:scientific_linux:openssh-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssh-ldap", "p-cpe:/a:fermilab:scientific_linux:openssh-server", "p-cpe:/a:fermilab:scientific_linux:pam_ssh_agent_auth", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160321_OPENSSH_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/90080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(90080);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5600\", \"CVE-2016-3115\");\n\n script_name(english:\"Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20160321)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the OpenSSH server did not sanitize data\nreceived in requests to enable X11 forwarding. An authenticated client\nwith restricted SSH access could possibly use this flaw to bypass\nintended restrictions. (CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list\nof keyboard-interactive authentication methods for duplicates. A\nremote attacker could use this flaw to bypass the MaxAuthTries limit,\nmaking it easier to perform password guessing attacks. 
(CVE-2015-5600)\n\nAfter installing this update, the OpenSSH server daemon (sshd) will be\nrestarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1603&L=scientific-linux-errata&F=&S=&P=7011\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?343a2901\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/22\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssh-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssh-askpass-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssh-clients-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssh-debuginfo-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssh-ldap-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssh-server-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pam_ssh_agent_auth-0.9.3-114.el6_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-debuginfo / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:54:51", "description": "Updated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. 
These packages include the core files necessary for both the OpenSSH client and server.\n\nIt was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. (CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600)\n\nAll openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.7}, "published": "2016-03-22T00:00:00", "type": "nessus", "title": "CentOS 6 : openssh (CESA-2016:0466)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssh", 
"p-cpe:/a:centos:centos:openssh-askpass", "p-cpe:/a:centos:centos:openssh-clients", "p-cpe:/a:centos:centos:openssh-ldap", "p-cpe:/a:centos:centos:openssh-server", "p-cpe:/a:centos:centos:pam_ssh_agent_auth", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2016-0466.NASL", "href": "https://www.tenable.com/plugins/nessus/90069", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0466 and \n# CentOS Errata and Security Advisory 2016:0466 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90069);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5600\", \"CVE-2016-3115\");\n script_xref(name:\"RHSA\", value:\"2016:0466\");\n\n script_name(english:\"CentOS 6 : openssh (CESA-2016:0466)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssh packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client\nand server.\n\nIt was discovered that the OpenSSH server did not sanitize data\nreceived in requests to enable X11 forwarding. 
An authenticated client\nwith restricted SSH access could possibly use this flaw to bypass\nintended restrictions. (CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list\nof keyboard-interactive authentication methods for duplicates. A\nremote attacker could use this flaw to bypass the MaxAuthTries limit,\nmaking it easier to perform password guessing attacks. (CVE-2015-5600)\n\nAll openssh users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the OpenSSH server daemon (sshd) will be\nrestarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021745.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1e33f57\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5600\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-server\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssh-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssh-askpass-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssh-clients-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssh-ldap-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssh-server-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"pam_ssh_agent_auth-0.9.3-114.el6_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-ldap / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:56:19", "description": "Description of changes:\n\n[4.3p2-82.0.2]\n- CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (John Haxby) [orabug 22985024]\n- CVE-2016-3115: missing sanitisation of input for X11 forwarding (John Haxby) [orabug 22985024]", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.4, "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.7}, "published": "2016-04-05T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : openssh (ELSA-2016-3531)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssh", "p-cpe:/a:oracle:linux:openssh-askpass", "p-cpe:/a:oracle:linux:openssh-clients", "p-cpe:/a:oracle:linux:openssh-server", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2016-3531.NASL", "href": "https://www.tenable.com/plugins/nessus/90342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3531.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90342);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5600\", \"CVE-2016-3115\");\n\n script_name(english:\"Oracle Linux 5 : openssh (ELSA-2016-3531)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.3p2-82.0.2]\n- CVE-2015-5600: 
MaxAuthTries limit bypass via duplicates in \nKbdInteractiveDevices (John Haxby) [orabug 22985024]\n- CVE-2016-3115: missing sanitisation of input for X11 forwarding (John \nHaxby) [orabug 22985024]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-April/005938.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssh-4.3p2-82.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssh-askpass-4.3p2-82.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssh-clients-4.3p2-82.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssh-server-4.3p2-82.0.2.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-server\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:55:51", "description": "Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. (CVE number pending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for X connections. A remote attacker could use this issue to bypass certain access restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive authentication. In a non-default configuration, a remote attacker could possibly use this issue to perform a brute-force password attack. (CVE-2015-5600).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openssh vulnerabilities (USN-2710-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openssh-server", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2710-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2710-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85445);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\");\n script_xref(name:\"USN\", value:\"2710-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openssh vulnerabilities (USN-2710-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Moritz Jodeit discovered that OpenSSH incorrectly handled usernames\nwhen using PAM authentication. If an additional vulnerability were\ndiscovered in the OpenSSH unprivileged child process, this issue could\nallow a remote attacker to perform user impersonation. (CVE number\npending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context\nmemory when using PAM authentication. If an additional vulnerability\nwere discovered in the OpenSSH unprivileged child process, this issue\ncould allow a remote attacker to bypass authentication or possibly\nexecute arbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for\nX connections. A remote attacker could use this issue to bypass\ncertain access restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled\nkeyboard-interactive authentication. In a non-default configuration, a\nremote attacker could possibly use this issue to perform a brute-force\npassword attack. (CVE-2015-5600).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2710-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh-server package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openssh-server\", pkgver:\"1:5.9p1-5ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openssh-server\", pkgver:\"1:6.6p1-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"openssh-server\", pkgver:\"1:6.7p1-5ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh-server\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:55:52", "description": "USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem.\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. (CVE number pending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. 
If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for X connections. A remote attacker could use this issue to bypass certain access restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive authentication. In a non-default configuration, a remote attacker could possibly use this issue to perform a brute-force password attack.\n(CVE-2015-5600).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-08-19T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openssh regression (USN-2710-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openssh-server", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2710-2.NASL", "href": "https://www.tenable.com/plugins/nessus/85533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2710-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85533);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\");\n script_xref(name:\"USN\", value:\"2710-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openssh regression (USN-2710-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for\nCVE-2015-5600 caused a regression resulting in random authentication\nfailures in non-default configurations. This update fixes the problem.\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames\nwhen using PAM authentication. If an additional vulnerability were\ndiscovered in the OpenSSH unprivileged child process, this issue could\nallow a remote attacker to perform user impersonation. (CVE number\npending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled\ncontext memory when using PAM authentication. If an\nadditional vulnerability were discovered in the OpenSSH\nunprivileged child process, this issue could allow a remote\nattacker to bypass authentication or possibly execute\narbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time\nwindows for X connections. A remote attacker could use this\nissue to bypass certain access restrictions. 
(CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled\nkeyboard-interactive authentication. In a non-default\nconfiguration, a remote attacker could possibly use this\nissue to perform a brute-force password attack.\n(CVE-2015-5600).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2710-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh-server package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openssh-server\", pkgver:\"1:5.9p1-5ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openssh-server\", pkgver:\"1:6.6p1-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"openssh-server\", pkgver:\"1:6.7p1-5ubuntu1.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh-server\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-11T15:04:42", "description": "From Red Hat Security Advisory 2015:2088 :\n\nUpdated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate 
security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.\n\nA flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563)\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. (CVE-2015-6564)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600)\n\nIt was found that the OpenSSH ssh-agent, a program to hold private keys used for public key authentication, was vulnerable to password guessing attacks. An attacker able to connect to the agent could use this flaw to conduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)\n\nThis update fixes the following bugs :\n\n* Previously, the sshd_config(5) man page was misleading and could thus confuse the user. This update improves the man page text to clearly describe the AllowGroups feature. 
(BZ#1150007)\n\n* The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low.\nConsequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug. (BZ#1160377)\n\n* When the ForceCommand option with a pseudoterminal was used and the MaxSession option was set to '2', multiplexed SSH connections did not work as expected. After the user attempted to open a second multiplexed connection, the attempt failed if the first connection was still open. This update modifies OpenSSH to issue only one audit message per session, and the user is thus able to open two multiplexed connections in this situation. (BZ#1199112)\n\n* The ssh-copy-id utility failed if the account on the remote server did not use an sh-like shell. Remote commands have been modified to run in an sh-like shell, and ssh-copy-id now works also with non-sh-like shells. (BZ#1201758)\n\n* Due to a race condition between auditing messages and answers when using ControlMaster multiplexing, one session in the shared connection randomly and unexpectedly exited the connection. This update fixes the race condition in the auditing code, and multiplexing connections now work as expected even with a number of sessions created at once.\n(BZ#1240613)\n\nIn addition, this update adds the following enhancements :\n\n* As not all Lightweight Directory Access Protocol (LDAP) servers possess a default schema, as expected by the ssh-ldap-helper program, this update provides the user with an ability to adjust the LDAP query to get public keys from servers with a different schema, while the default functionality stays untouched. 
(BZ#1201753)\n\n* With this enhancement update, the administrator is able to set permissions for files uploaded using Secure File Transfer Protocol (SFTP). (BZ#1197989)\n\n* This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted by OpenLDAP. (BZ#1184938)\n\n* With this update, the user can selectively disable the Generic Security Services API (GSSAPI) key exchange algorithms as any normal key exchange. (BZ#1253062)\n\nUsers of openssh are advised to upgrade to these updated packages, which correct these issues and add these enhancements.", "cvss3": {}, "published": "2015-11-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : openssh (ELSA-2015-2088)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssh", "p-cpe:/a:oracle:linux:openssh-askpass", "p-cpe:/a:oracle:linux:openssh-clients", "p-cpe:/a:oracle:linux:openssh-keycat", "p-cpe:/a:oracle:linux:openssh-ldap", "p-cpe:/a:oracle:linux:openssh-server", "p-cpe:/a:oracle:linux:openssh-server-sysvinit", "p-cpe:/a:oracle:linux:pam_ssh_agent_auth", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-2088.NASL", "href": "https://www.tenable.com/plugins/nessus/87019", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory 
RHSA-2015:2088 and \n# Oracle Linux Security Advisory ELSA-2015-2088 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87019);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n script_xref(name:\"RHSA\", value:\"2015:2088\");\n\n script_name(english:\"Oracle Linux 7 : openssh (ELSA-2015-2088)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2088 :\n\nUpdated openssh packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client\nand server.\n\nA flaw was found in the way OpenSSH handled PAM authentication when\nusing privilege separation. An attacker with valid credentials on the\nsystem and able to fully compromise a non-privileged\npre-authentication process using a different flaw could use this flaw\nto authenticate as other users. (CVE-2015-6563)\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully\ncompromise a non-privileged pre-authentication process using a\ndifferent flaw could possibly cause sshd to crash or execute arbitrary\ncode with root privileges. 
(CVE-2015-6564)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list\nof keyboard-interactive authentication methods for duplicates. A\nremote attacker could use this flaw to bypass the MaxAuthTries limit,\nmaking it easier to perform password guessing attacks. (CVE-2015-5600)\n\nIt was found that the OpenSSH ssh-agent, a program to hold private\nkeys used for public key authentication, was vulnerable to password\nguessing attacks. An attacker able to connect to the agent could use\nthis flaw to conduct a brute-force attack to unlock keys in the\nssh-agent. (BZ#1238238)\n\nThis update fixes the following bugs :\n\n* Previously, the sshd_config(5) man page was misleading and could\nthus confuse the user. This update improves the man page text to\nclearly describe the AllowGroups feature. (BZ#1150007)\n\n* The limit for the function for restricting the number of files\nlisted using the wildcard character (*) that prevents the Denial of\nService (DoS) for both server and client was previously set too low.\nConsequently, the user reaching the limit was prevented from listing a\ndirectory with a large number of files over Secure File Transfer\nProtocol (SFTP). This update increases the aforementioned limit, thus\nfixing this bug. (BZ#1160377)\n\n* When the ForceCommand option with a pseudoterminal was used and the\nMaxSession option was set to '2', multiplexed SSH connections did not\nwork as expected. After the user attempted to open a second\nmultiplexed connection, the attempt failed if the first connection was\nstill open. This update modifies OpenSSH to issue only one audit\nmessage per session, and the user is thus able to open two multiplexed\nconnections in this situation. (BZ#1199112)\n\n* The ssh-copy-id utility failed if the account on the remote server\ndid not use an sh-like shell. Remote commands have been modified to\nrun in an sh-like shell, and ssh-copy-id now works also with\nnon-sh-like shells. 
(BZ#1201758)\n\n* Due to a race condition between auditing messages and answers when\nusing ControlMaster multiplexing, one session in the shared connection\nrandomly and unexpectedly exited the connection. This update fixes the\nrace condition in the auditing code, and multiplexing connections now\nwork as expected even with a number of sessions created at once.\n(BZ#1240613)\n\nIn addition, this update adds the following enhancements :\n\n* As not all Lightweight Directory Access Protocol (LDAP) servers\npossess a default schema, as expected by the ssh-ldap-helper program,\nthis update provides the user with an ability to adjust the LDAP query\nto get public keys from servers with a different schema, while the\ndefault functionality stays untouched. (BZ#1201753)\n\n* With this enhancement update, the administrator is able to set\npermissions for files uploaded using Secure File Transfer Protocol\n(SFTP). (BZ#1197989)\n\n* This update provides the LDAP schema in LDAP Data Interchange Format\n(LDIF) format as a complement to the old schema previously accepted by\nOpenLDAP. (BZ#1184938)\n\n* With this update, the user can selectively disable the Generic\nSecurity Services API (GSSAPI) key exchange algorithms as any normal\nkey exchange. 
(BZ#1253062)\n\nUsers of openssh are advised to upgrade to these updated packages,\nwhich correct these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-November/005560.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-askpass-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-clients-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-keycat-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-ldap-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-server-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssh-server-sysvinit-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"pam_ssh_agent_auth-0.9.3-9.22.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-keycat / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-11T15:05:37", "description": "A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. 
An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563)\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. (CVE-2015-6564)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600)\n\nIt was found that the OpenSSH ssh-agent, a program to hold private keys used for public key authentication, was vulnerable to password guessing attacks. An attacker able to connect to the agent could use this flaw to conduct a brute-force attack to unlock keys in the ssh-agent.\n\nThis update fixes the following bugs :\n\n - Previously, the sshd_config(5) man page was misleading and could thus confuse the user. This update improves the man page text to clearly describe the AllowGroups feature.\n\n - The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low. Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug.\n\n - When the ForceCommand option with a pseudoterminal was used and the MaxSession option was set to '2', multiplexed SSH connections did not work as expected.\n After the user attempted to open a second multiplexed connection, the attempt failed if the first connection was still open. 
This update modifies OpenSSH to issue only one audit message per session, and the user is thus able to open two multiplexed connections in this situation.\n\n - The ssh-copy-id utility failed if the account on the remote server did not use an sh-like shell. Remote commands have been modified to run in an sh-like shell, and ssh-copy-id now works also with non-sh-like shells.\n\n - Due to a race condition between auditing messages and answers when using ControlMaster multiplexing, one session in the shared connection randomly and unexpectedly exited the connection. This update fixes the race condition in the auditing code, and multiplexing connections now work as expected even with a number of sessions created at once.\n\nIn addition, this update adds the following enhancements :\n\n - As not all Lightweight Directory Access Protocol (LDAP) servers possess a default schema, as expected by the ssh-ldap-helper program, this update provides the user with an ability to adjust the LDAP query to get public keys from servers with a different schema, while the default functionality stays untouched.\n\n - With this enhancement update, the administrator is able to set permissions for files uploaded using Secure File Transfer Protocol (SFTP).\n\n - This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted by OpenLDAP.\n\n - With this update, the user can selectively disable the Generic Security Services API (GSSAPI) key exchange algorithms as any normal key exchange.", "cvss3": {}, "published": "2015-12-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssh on SL7.x x86_64 (20151119)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", 
"integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssh", "p-cpe:/a:fermilab:scientific_linux:openssh-askpass", "p-cpe:/a:fermilab:scientific_linux:openssh-clients", "p-cpe:/a:fermilab:scientific_linux:openssh-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssh-keycat", "p-cpe:/a:fermilab:scientific_linux:openssh-ldap", "p-cpe:/a:fermilab:scientific_linux:openssh-server", "p-cpe:/a:fermilab:scientific_linux:openssh-server-sysvinit", "p-cpe:/a:fermilab:scientific_linux:pam_ssh_agent_auth", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151119_OPENSSH_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87567", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87567);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n\n script_name(english:\"Scientific Linux Security Update : openssh on SL7.x x86_64 (20151119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way OpenSSH handled PAM authentication when\nusing privilege separation. 
An attacker with valid credentials on the\nsystem and able to fully compromise a non-privileged\npre-authentication process using a different flaw could use this flaw\nto authenticate as other users. (CVE-2015-6563)\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully\ncompromise a non-privileged pre-authentication process using a\ndifferent flaw could possibly cause sshd to crash or execute arbitrary\ncode with root privileges. (CVE-2015-6564)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list\nof keyboard-interactive authentication methods for duplicates. A\nremote attacker could use this flaw to bypass the MaxAuthTries limit,\nmaking it easier to perform password guessing attacks. (CVE-2015-5600)\n\nIt was found that the OpenSSH ssh-agent, a program to hold private\nkeys used for public key authentication, was vulnerable to password\nguessing attacks. An attacker able to connect to the agent could use\nthis flaw to conduct a brute-force attack to unlock keys in the\nssh-agent.\n\nThis update fixes the following bugs :\n\n - Previously, the sshd_config(5) man page was misleading\n and could thus confuse the user. This update improves\n the man page text to clearly describe the AllowGroups\n feature.\n\n - The limit for the function for restricting the number of\n files listed using the wildcard character (*) that\n prevents the Denial of Service (DoS) for both server and\n client was previously set too low. Consequently, the\n user reaching the limit was prevented from listing a\n directory with a large number of files over Secure File\n Transfer Protocol (SFTP). 
This update increases the\n aforementioned limit, thus fixing this bug.\n\n - When the ForceCommand option with a pseudoterminal was\n used and the MaxSession option was set to '2',\n multiplexed SSH connections did not work as expected.\n After the user attempted to open a second multiplexed\n connection, the attempt failed if the first connection\n was still open. This update modifies OpenSSH to issue\n only one audit message per session, and the user is thus\n able to open two multiplexed connections in this\n situation.\n\n - The ssh-copy-id utility failed if the account on the\n remote server did not use an sh-like shell. Remote\n commands have been modified to run in an sh-like shell,\n and ssh-copy-id now works also with non-sh-like shells.\n\n - Due to a race condition between auditing messages and\n answers when using ControlMaster multiplexing, one\n session in the shared connection randomly and\n unexpectedly exited the connection. This update fixes\n the race condition in the auditing code, and\n multiplexing connections now work as expected even with\n a number of sessions created at once.\n\nIn addition, this update adds the following enhancements :\n\n - As not all Lightweight Directory Access Protocol (LDAP)\n servers possess a default schema, as expected by the\n ssh-ldap-helper program, this update provides the user\n with an ability to adjust the LDAP query to get public\n keys from servers with a different schema, while the\n default functionality stays untouched.\n\n - With this enhancement update, the administrator is able\n to set permissions for files uploaded using Secure File\n Transfer Protocol (SFTP).\n\n - This update provides the LDAP schema in LDAP Data\n Interchange Format (LDIF) format as a complement to the\n old schema previously accepted by OpenLDAP.\n\n - With this update, the user can selectively disable the\n Generic Security Services API (GSSAPI) key exchange\n algorithms as any normal key exchange.\"\n );\n # 
https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=13856\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39e954e4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssh-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssh-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssh-askpass-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssh-clients-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssh-debuginfo-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssh-keycat-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssh-ldap-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", 
reference:\"openssh-server-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssh-server-sysvinit-6.6.1p1-22.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"pam_ssh_agent_auth-0.9.3-9.22.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-debuginfo / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:59:17", "description": "openssh was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-11-02T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : openssh (SUSE-SU-2015:1840-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4000", "CVE-2015-5352", "CVE-2015-5600"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1840-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1840-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86695);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2015-4000\", \"CVE-2015-5352\", \"CVE-2015-5600\");\n script_bugtraq_id(74733, 75525);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssh (SUSE-SU-2015:1840-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"openssh was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups\n (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
value:\"p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2088\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-askpass-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-askpass-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-clients-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-clients-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssh-debuginfo-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-keycat-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-keycat-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-ldap-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"openssh-ldap-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-server-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-server-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssh-server-sysvinit-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssh-server-sysvinit-6.6.1p1-22.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"pam_ssh_agent_auth-0.9.3-9.22.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-11T15:05:53", "description": "A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.\n\nA use-after-free flaw was found in OpenSSH. 
An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssh (ALAS-2015-625)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssh", "p-cpe:/a:amazon:linux:openssh-clients", "p-cpe:/a:amazon:linux:openssh-debuginfo", "p-cpe:/a:amazon:linux:openssh-keycat", "p-cpe:/a:amazon:linux:openssh-ldap", "p-cpe:/a:amazon:linux:openssh-server", "p-cpe:/a:amazon:linux:pam_ssh_agent_auth", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-625.NASL", "href": "https://www.tenable.com/plugins/nessus/87351", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-625.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87351);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n script_xref(name:\"ALAS\", value:\"2015-625\");\n\n script_name(english:\"Amazon Linux AMI : openssh (ALAS-2015-625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote 
Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way OpenSSH handled PAM authentication when\nusing privilege separation. An attacker with valid credentials on the\nsystem and able to fully compromise a non-privileged\npre-authentication process using a different flaw could use this flaw\nto authenticate as other users.\n\nIt was discovered that the OpenSSH sshd daemon did not check the list\nof keyboard-interactive authentication methods for duplicates. A\nremote attacker could use this flaw to bypass the MaxAuthTries limit,\nmaking it easier to perform password guessing attacks.\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully\ncompromise a non-privileged pre-authentication process using a\ndifferent flaw could possibly cause sshd to crash or execute arbitrary\ncode with root privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-625.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssh' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssh-6.6.1p1-22.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssh-clients-6.6.1p1-22.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssh-debuginfo-6.6.1p1-22.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssh-keycat-6.6.1p1-22.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssh-ldap-6.6.1p1-22.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssh-server-6.6.1p1-22.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"pam_ssh_agent_auth-0.9.3-9.22.58.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity 
> 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-clients / openssh-debuginfo / openssh-keycat / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-02-18T15:11:01", "description": "Versions of OpenSSH server before 7.0 are affected by multiple vulnerabilities: \n\n - A flaw in the 'kbdint_next_device()' function in 'file auth2-chall.c' that allows the circumvention of MaxAuthTries during keyboard-interactive authentication. An attacker can exploit this issue to force the same authentication method to be tried thousands of times in a single pass by using a crafted keyboard-interactive 'devices' string, thus allowing a brute-force attack or causing a denial of service. (CVE-2015-5600) \n - A flaw in sshd(8) is due to the program setting insecure world-writable permissions for TTYs allowing a local attacker to execute arbitrary commands for logged-in users by injecting crafted terminal escape sequences. (CVE-2015-6565) \n - A flaw in the monitor component is triggered when handling username data in MONITOR_REQ_PAM_INIT_CTX requests allowing a local user to leverage the SSH login access and control of the sshd(8) UID to send a MONITOR_REQ_PWNAM request to conduct an impersonation attack. (CVE-2015-6563) \n - A use-after-free error in the 'mm_answer_pam_free_ctx()' function of monitor.c is triggered when handling a MONITOR_REQ_PAM_FREE_CTX request allowing a local attacker to take control of the sshd UID to send a request leading to a dereference of already freed memory and gain elevated privileges. (CVE-2015-6564)\n\nNote: NNM has solely relied on the banner of the SSH client to perform this check. 
Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.", "cvss3": {}, "published": "2016-04-22T00:00:00", "type": "nessus", "title": "OpenSSH < 7.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-6565"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:openbsd:openssh"], "id": "9309.PRM", "href": "https://www.tenable.com/plugins/nnm/9309", "sourceData": "Binary data 9309.prm", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-11T15:00:32", "description": "According to its banner, the version of OpenSSH running on the remote host is prior to 7.0. It is, therefore, affected by the following vulnerabilities :\n\n - A security bypass vulnerability exists in the kbdint_next_device() function in file auth2-chall.c that allows the circumvention of MaxAuthTries during keyboard-interactive authentication. A remote attacker can exploit this issue to force the same authentication method to be tried thousands of times in a single pass by using a crafted keyboard-interactive 'devices' string, thus allowing a brute-force attack or causing a denial of service. (CVE-2015-5600)\n\n - A security bypass vulnerability exists in sshd due to improper handling of username data in MONITOR_REQ_PAM_INIT_CTX requests. A local attacker can exploit this, by sending a MONITOR_REQ_PWNAM request, to conduct an impersonation attack. 
Note that this issue only affects Portable OpenSSH. (CVE-2015-6563)\n\n - A privilege escalation vulnerability exists due to a use-after-free error in sshd that is triggered when handling a MONITOR_REQ_PAM_FREE_CTX request. A local attacker can exploit this to gain elevated privileges.\n Note that this issue only affects Portable OpenSSH.\n (CVE-2015-6564)\n\n - A local command execution vulnerability exists in sshd due to setting insecure world-writable permissions for TTYs. A local attacker can exploit this, by injecting crafted terminal escape sequences, to execute commands for logged-in users. (CVE-2015-6565)", "cvss3": {}, "published": "2015-08-13T00:00:00", "type": "nessus", "title": "OpenSSH < 7.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-6565"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:openbsd:openssh"], "id": "OPENSSH_70.NASL", "href": "https://www.tenable.com/plugins/nessus/85382", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85382);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n\n script_cve_id(\n \"CVE-2015-5600\",\n \"CVE-2015-6563\",\n \"CVE-2015-6564\",\n \"CVE-2015-6565\"\n );\n script_bugtraq_id(75990, 76317, 76497);\n script_xref(name:\"EDB-ID\", value:\"41173\");\n\n script_name(english:\"OpenSSH < 7.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the OpenSSH 
banner version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The SSH server running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSH running on the remote\nhost is prior to 7.0. It is, therefore, affected by the following\nvulnerabilities :\n\n - A security bypass vulnerability exists in the\n kbdint_next_device() function in file auth2-chall.c that\n allows the circumvention of MaxAuthTries during\n keyboard-interactive authentication. A remote attacker\n can exploit this issue to force the same authentication\n method to be tried thousands of times in a single pass\n by using a crafted keyboard-interactive 'devices'\n string, thus allowing a brute-force attack or causing a\n denial of service. (CVE-2015-5600)\n\n - A security bypass vulnerability exists in sshd due to\n improper handling of username data in\n MONITOR_REQ_PAM_INIT_CTX requests. A local attacker can\n exploit this, by sending a MONITOR_REQ_PWNAM request, to\n conduct an impersonation attack. Note that this issue\n only affects Portable OpenSSH. (CVE-2015-6563)\n\n - A privilege escalation vulnerability exists due to a\n use-after-free error in sshd that is triggered when\n handling a MONITOR_REQ_PAM_FREE_CTX request. A local\n attacker can exploit this to gain elevated privileges.\n Note that this issue only affects Portable OpenSSH.\n (CVE-2015-6564)\n\n - A local command execution vulnerability exists in sshd\n due to setting insecure world-writable permissions for\n TTYs. A local attacker can exploit this, by injecting\n crafted terminal escape sequences, to execute commands\n for logged-in users. 
(CVE-2015-6565)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssh.com/txt/release-7.0\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSH 7.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openbsd:openssh\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/ssh\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Ensure the port is open.\nport = get_service(svc:\"ssh\", exit_on_fail:TRUE);\n\n# Get banner for service.\nbanner = get_kb_item_or_exit(\"SSH/banner/\"+port);\n\nbp_banner = tolower(get_backport_banner(banner:banner));\nif (\"openssh\" >!< bp_banner) audit(AUDIT_NOT_LISTEN, \"OpenSSH\", port);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\nif (backported) audit(code:0, 
AUDIT_BACKPORT_SERVICE, port, \"OpenSSH\");\n\n# Check the version in the backported banner.\nmatch = eregmatch(string:bp_banner, pattern:\"openssh[-_]([0-9][-._0-9a-z]+)\");\nif (isnull(match)) audit(AUDIT_SERVICE_VER_FAIL, \"OpenSSH\", port);\nversion = match[1];\n\n# Affected : < 7.0\nif (\n version =~ \"^[0-6]\\.\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.0\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"OpenSSH\", port, version);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-11T15:03:34", "description": "OpenSSH was updated to fix several security issues and bugs.\n\nPlease note that due to a bug in the previous shipped openssh version, sshd might not correctly restart. Please verify that the ssh daemon is running after installing this update.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function, when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. (bsc#936695)\n\n - CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh\n\n -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. (bsc#938746)\n\n - CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM. (bsc#932483)\n\n - Hardening patch to fix sftp RCE. 
(bsc#903649)\n\n - CVE-2015-6563: The monitor component in sshd accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nAdditional a bug was fixed that could lead to openssh not working in chroot (bsc#947458).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-10-12T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : openssh (SUSE-SU-2015:1695-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4000", "CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1695-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1695-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86339);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-4000\",\n \"CVE-2015-5352\",\n \"CVE-2015-5600\",\n \"CVE-2015-6563\",\n \"CVE-2015-6564\"\n );\n script_bugtraq_id(74733, 75525);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : openssh (SUSE-SU-2015:1695-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSH was updated to fix several security issues and bugs.\n\nPlease note that due to a bug in the previous shipped openssh version,\nsshd might not correctly restart. 
Please verify that the ssh daemon is\nrunning after installing this update.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function, when\n ForwardX11Trusted mode is not used, lacked a check of\n the refusal deadline for X connections, which made it\n easier for remote attackers to bypass intended access\n restrictions via a connection outside of the permitted\n time window. (bsc#936695)\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd did not properly restrict the\n processing of keyboard-interactive devices within a\n single connection, which made it easier for remote\n attackers to conduct brute-force attacks or cause a\n denial of service (CPU consumption) via a long and\n duplicative list in the ssh\n\n -oKbdInteractiveDevices option, as demonstrated by a\n modified client that provides a different password for\n each pam element on this list. (bsc#938746)\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM. (bsc#932483)\n\n - Hardening patch to fix sftp RCE. (bsc#903649)\n\n - CVE-2015-6563: The monitor component in sshd accepted\n extraneous username data in MONITOR_REQ_PAM_INIT_CTX\n requests, which allowed local users to conduct\n impersonation attacks by leveraging any SSH login access\n in conjunction with control of the sshd uid to send a\n crafted MONITOR_REQ_PWNAM request, related to monitor.c\n and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd\n might have allowed local users to gain privileges by\n leveraging control of the sshd uid to send an\n unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nAdditional a bug was fixed that could lead to openssh not working in\nchroot (bsc#947458).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=939932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=943006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=943010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=945484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=945493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=947458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-5352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-5600/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6563/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6564/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151695-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a811b187\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE 
Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-openssh-12119=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-openssh-12119=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-openssh-12119=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 
2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-askpass-gnome-6.6p1-13.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-fips-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-helpers-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"openssh-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-6.6p1-13.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"openssh-helpers-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"openssh-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"openssh-askpass-gnome-6.6p1-13.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"openssh-helpers-6.6p1-13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-11T15:01:47", "description": "openssh was updated to fix several security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: 
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. (bsc#943010)\n\n - CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n (bsc#943006)\n\nAlso use %restart_on_update in the trigger script.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-09-14T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2015:1544-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4000", "CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-debugsource", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1544-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# 
extracted from SUSE update advisory SUSE-SU-2015:1544-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85928);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-4000\",\n \"CVE-2015-5352\",\n \"CVE-2015-5600\",\n \"CVE-2015-6563\",\n \"CVE-2015-6564\"\n );\n script_bugtraq_id(74733, 75525);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2015:1544-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"openssh was updated to fix several security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n 
accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a crafted MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c. (bsc#943010)\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n (bsc#943006)\n\nAlso use %restart_on_update in the trigger script.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=943006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=943010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-5352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-5600/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2015-6563/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6564/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151544-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b744fca\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-526=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-526=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-askpass-gnome-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-askpass-gnome-debuginfo-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-debuginfo-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-debugsource-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-fips-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-helpers-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-helpers-debuginfo-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-debuginfo-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", 
reference:\"openssh-debuginfo-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-debugsource-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-helpers-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-helpers-debuginfo-6.6p1-29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-30T14:52:41", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (#1245969)\n\n - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317816)\n\n - SSH2_MSG_DISCONNECT for user initiated disconnect follow RFC 4253 (#1222500)\n\n - Add missing dot in ssh manual page (#1197763)\n\n - Fix minor problems found by covscan/gcc (#1196063)\n\n - Add missing options in man ssh (#1197763)\n\n - Add KbdInteractiveAuthentication documentation to man sshd_config (#1109251)\n\n - Correct freeing newkeys structure when privileged monitor exits (#1208584)\n\n - Fix problems with failing persistent connections (#1131585)\n\n - Fix memory leaks in auditing patch (#1208584)\n\n - Better approach to logging sftp commands in chroot\n\n - Make sshd -T write all config options and add missing Cipher, MAC to man (#1109251)\n\n - Add missing ControlPersist option to man ssh (#1197763)\n\n - Add sftp option to force mode of created files (#1191055)\n\n - Do not load RSA1 keys in FIPS mode (#1197072)\n\n - Add missing support for ECDSA in ssh-keyscan (#1196331)\n\n - 
Fix coverity/gcc issues (#1196063)\n\n - Backport wildcard functionality for PermitOpen in sshd_config file (#1159055)\n\n - Ability to specify an arbitrary LDAP filter in ldap.conf (#1119506)\n\n - Fix ControlPersist option with ProxyCommand (#1160487)\n\n - Backport fix of ssh-keygen with error : gethostname:\n File name too long (#1161454)\n\n - Backport show remote address instead of UNKNOWN after timeout at password prompt (#1161449)\n\n - Fix printing of extensions in v01 certificates (#1093869)\n\n - Fix confusing audit trail for unsuccessful logins (#1127312)\n\n - Don't close fds for internal sftp sessions (#1085710)\n\n - Fix config parsing quotes (backport) (#1134938)\n\n - Enable logging in chroot into separate file (#1172224)\n\n - Fix auditing when using combination of ForcedCommand and PTY (#1131585)\n\n - Fix ssh-copy-id on non-sh remote shells (#1135521)\n\n - ignore SIGXFSZ in postauth monitor child (#1133906)\n\n - don't try to generate DSA keys in the init script in FIPS mode (#1118735)\n\n - ignore SIGPIPE in ssh-keyscan (#1108836)\n\n - ssh-add: fix fatal exit when removing card (#1042519)\n\n - fix race in backported ControlPersist patch (#953088)\n\n - skip requesting smartcard PIN when removing keys from agent (#1042519)\n\n - add possibility to autocreate only RSA key into initscript (#1111568)\n\n - fix several issues reported by coverity\n\n - x11 forwarding - be less restrictive when can't bind to one of available addresses (#1027197)\n\n - better fork error detection in audit patch (#1028643)\n\n - fix openssh-5.3p1-x11.patch for non-linux platforms (#1100913)\n\n - prevent a server from skipping SSHFP lookup (#1081338) (CVE-2014-2653)\n\n - ignore environment variables with embedded '=' or '\\0' characters (CVE-2014-2532)\n\n - backport ControlPersist option (#953088)\n\n - log when a client requests an interactive session and only sftp is allowed (#997377)\n\n - don't try to load RSA1 host key in FIPS mode (#1009959)\n\n - restore 
Linux oom_adj setting when handling SIGHUP to maintain behaviour over restart (#1010429)\n\n - ssh-keygen -V - relative-specified certificate expiry time should be relative to current time (#1022459)\n\n - adjust the key exchange DH groups and ssh-keygen according to SP800-131A (#993580)\n\n - log failed integrity test if /etc/system-fips exists (#1020803)\n\n - backport ECDSA and ECDH support (#1028335)\n\n - use dracut-fips package to determine if a FIPS module is installed (#1001565)\n\n - use dist tag in suffixes for hmac checksum files (#1001565)\n\n - use hmac_suffix for ssh[,d] hmac checksums (#1001565)\n\n - fix NSS keys support (#1004763)\n\n - change default value of MaxStartups - CVE-2010-5107 - #908707\n\n - add -fips subpackages that contain the FIPS module files (#1001565)\n\n - don't use SSH_FP_MD5 for fingerprints in FIPS mode (#998835)\n\n - do ssh_gssapi_krb5_storecreds twice - before and after pam session (#974096)\n\n - bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A (#993577)\n\n - fixed an issue with broken 'ssh -I pkcs11' (#908038)\n\n - abort non-subsystem sessions to forced internal sftp-server (#993509)\n\n - reverted 'store krb5 credentials after a pam session is created (#974096)'\n\n - Add support for certificate key types for users and hosts (#906872)\n\n - Apply RFC3454 stringprep to banners when possible (#955792)\n\n - fix chroot logging issue (#872169)\n\n - change the bad key permissions error message (#880575)\n\n - fix a race condition in ssh-agent (#896561)\n\n - backport support for PKCS11 from openssh-5.4p1 (#908038)\n\n - add a KexAlgorithms knob to the client and server configuration (#951704)\n\n - fix parsing logic of ldap.conf file (#954094)\n\n - Add HMAC-SHA2 algorithm support (#969565)\n\n - store krb5 credentials after a pam session is created (#974096)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", 
"scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.7}, "published": "2016-03-22T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : openssh (OVMSA-2016-0038)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-5107", "CVE-2014-2532", "CVE-2014-2653", "CVE-2015-5600", "CVE-2016-3115"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssh", "p-cpe:/a:oracle:vm:openssh-clients", "p-cpe:/a:oracle:vm:openssh-server", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2016-0038.NASL", "href": "https://www.tenable.com/plugins/nessus/90076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0038.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90076);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-5107\", \"CVE-2014-2532\", \"CVE-2014-2653\", \"CVE-2015-5600\", \"CVE-2016-3115\");\n script_bugtraq_id(58162, 66355, 66459);\n\n script_name(english:\"OracleVM 3.3 / 3.4 : openssh (OVMSA-2016-0038)\");\n script_summary(english:\"Checks the RPM output for 
the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - CVE-2015-5600: MaxAuthTries limit bypass via duplicates\n in KbdInteractiveDevices (#1245969)\n\n - CVE-2016-3115: missing sanitisation of input for X11\n forwarding (#1317816)\n\n - SSH2_MSG_DISCONNECT for user initiated disconnect follow\n RFC 4253 (#1222500)\n\n - Add missing dot in ssh manual page (#1197763)\n\n - Fix minor problems found by covscan/gcc (#1196063)\n\n - Add missing options in man ssh (#1197763)\n\n - Add KbdInteractiveAuthentication documentation to man\n sshd_config (#1109251)\n\n - Correct freeing newkeys structure when privileged\n monitor exits (#1208584)\n\n - Fix problems with failing persistent connections\n (#1131585)\n\n - Fix memory leaks in auditing patch (#1208584)\n\n - Better approach to logging sftp commands in chroot\n\n - Make sshd -T write all config options and add missing\n Cipher, MAC to man (#1109251)\n\n - Add missing ControlPersist option to man ssh (#1197763)\n\n - Add sftp option to force mode of created files\n (#1191055)\n\n - Do not load RSA1 keys in FIPS mode (#1197072)\n\n - Add missing support for ECDSA in ssh-keyscan (#1196331)\n\n - Fix coverity/gcc issues (#1196063)\n\n - Backport wildcard functionality for PermitOpen in\n sshd_config file (#1159055)\n\n - Ability to specify an arbitrary LDAP filter in ldap.conf\n (#1119506)\n\n - Fix ControlPersist option with ProxyCommand (#1160487)\n\n - Backport fix of ssh-keygen with error : gethostname:\n File name too long (#1161454)\n\n - Backport show remote address instead of UNKNOWN after\n timeout at password prompt (#1161449)\n\n - Fix printing of extensions in v01 certificates\n (#1093869)\n\n - Fix confusing audit trail for unsuccessful 
logins\n (#1127312)\n\n - Don't close fds for internal sftp sessions (#1085710)\n\n - Fix config parsing quotes (backport) (#1134938)\n\n - Enable logging in chroot into separate file (#1172224)\n\n - Fix auditing when using combination of ForcedCommand and\n PTY (#1131585)\n\n - Fix ssh-copy-id on non-sh remote shells (#1135521)\n\n - ignore SIGXFSZ in postauth monitor child (#1133906)\n\n - don't try to generate DSA keys in the init script in\n FIPS mode (#1118735)\n\n - ignore SIGPIPE in ssh-keyscan (#1108836)\n\n - ssh-add: fix fatal exit when removing card (#1042519)\n\n - fix race in backported ControlPersist patch (#953088)\n\n - skip requesting smartcard PIN when removing keys from\n agent (#1042519)\n\n - add possibility to autocreate only RSA key into\n initscript (#1111568)\n\n - fix several issues reported by coverity\n\n - x11 forwarding - be less restrictive when can't bind to\n one of available addresses (#1027197)\n\n - better fork error detection in audit patch (#1028643)\n\n - fix openssh-5.3p1-x11.patch for non-linux platforms\n (#1100913)\n\n - prevent a server from skipping SSHFP lookup (#1081338)\n (CVE-2014-2653)\n\n - ignore environment variables with embedded '=' or '\\0'\n characters (CVE-2014-2532)\n\n - backport ControlPersist option (#953088)\n\n - log when a client requests an interactive session and\n only sftp is allowed (#997377)\n\n - don't try to load RSA1 host key in FIPS mode (#1009959)\n\n - restore Linux oom_adj setting when handling SIGHUP to\n maintain behaviour over restart (#1010429)\n\n - ssh-keygen -V - relative-specified certificate expiry\n time should be relative to current time (#1022459)\n\n - adjust the key echange DH groups and ssh-keygen\n according to SP800-131A (#993580)\n\n - log failed integrity test if /etc/system-fips exists\n (#1020803)\n\n - backport ECDSA and ECDH support (#1028335)\n\n - use dracut-fips package to determine if a FIPS module is\n installed (#1001565)\n\n - use dist tag in suffixes for 
hmac checksum files\n (#1001565)\n\n - use hmac_suffix for ssh[,d] hmac checksums (#1001565)\n\n - fix NSS keys support (#1004763)\n\n - change default value of MaxStartups - CVE-2010-5107 -\n #908707\n\n - add -fips subpackages that contains the FIPS module\n files (#1001565)\n\n - don't use SSH_FP_MD5 for fingerprints in FIPS mode\n (#998835)\n\n - do ssh_gssapi_krb5_storecreds twice - before and after\n pam sesssion (#974096)\n\n - bump the minimum value of SSH_USE_STRONG_RNG to 14\n according to SP800-131A (#993577)\n\n - fixed an issue with broken 'ssh -I pkcs11' (#908038)\n\n - abort non-subsystem sessions to forced internal\n sftp-server (#993509)\n\n - reverted 'store krb5 credentials after a pam session is\n created (#974096)'\n\n - Add support for certificate key types for users and\n hosts (#906872)\n\n - Apply RFC3454 stringprep to banners when possible\n (#955792)\n\n - fix chroot logging issue (#872169)\n\n - change the bad key permissions error message (#880575)\n\n - fix a race condition in ssh-agent (#896561)\n\n - backport support for PKCS11 from openssh-5.4p1 (#908038)\n\n - add a KexAlgorithms knob to the client and server\n configuration (#951704)\n\n - fix parsing logic of ldap.conf file (#954094)\n\n - Add HMAC-SHA2 algorithm support (#969565)\n\n - store krb5 credentials after a pam session is created\n (#974096)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-March/000449.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8801e58b\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-March/000443.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11579ee9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openssh / openssh-clients / openssh-server\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssh-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssh-clients-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssh-server-5.3p1-114.el6_7\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"openssh-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"openssh-clients-5.3p1-114.el6_7\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"openssh-server-5.3p1-114.el6_7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-clients / openssh-server\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-11T15:01:32", "description": "openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not 
properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-09-22T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : openssh (SUSE-SU-2015:1581-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4000", "CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1581-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86057", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1581-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86057);\n script_version(\"2.12\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-4000\",\n \"CVE-2015-5352\",\n \"CVE-2015-5600\",\n \"CVE-2015-6563\",\n \"CVE-2015-6564\"\n );\n script_bugtraq_id(74733, 75525);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : openssh (SUSE-SU-2015:1581-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a 
crafted MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=673532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=905118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=914309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=916549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=943006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=943010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=945493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-5352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-5600/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6563/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6564/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151581-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b348f297\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-openssh-12096=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-openssh-12096=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-openssh-12096=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-openssh-12096=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/22\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-gnome-6.2p2-0.21.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-askpass-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-6.2p2-0.21.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-askpass-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-askpass-gnome-6.2p2-0.21.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-11T15:02:15", "description": "openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside 
of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-09-14T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : openssh (SUSE-SU-2015:1547-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4000", "CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1547-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1547-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85929);\n script_version(\"2.13\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-4000\",\n \"CVE-2015-5352\",\n \"CVE-2015-5600\",\n \"CVE-2015-6563\",\n \"CVE-2015-6564\"\n );\n script_bugtraq_id(74733, 75525);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssh (SUSE-SU-2015:1547-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a crafted 
MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=673532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=905118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=914309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=916549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=943006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=943010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-5352/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-5600/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6563/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6564/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151547-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?188f3ab8\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-openssh-12087=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-openssh-12087=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-gnome-6.2p2-0.17.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-11T15:01:19", "description": "openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in 
MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-09-15T00:00:00", "type": "nessus", "title": "SUSE SLED11 Security Update : openssh (SUSE-SU-2015:1547-2) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4000", "CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", 
"CVE-2015-6564"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1547-2.NASL", "href": "https://www.tenable.com/plugins/nessus/85941", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1547-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85941);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-4000\",\n \"CVE-2015-5352\",\n \"CVE-2015-5600\",\n \"CVE-2015-6563\",\n \"CVE-2015-6564\"\n );\n script_bugtraq_id(74733, 75525);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED11 Security Update : openssh (SUSE-SU-2015:1547-2) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force 
attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a crafted MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=673532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=905118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=914309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=916549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=943006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=943010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-5352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-5600/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6563/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6564/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151547-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0093c79\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE 
Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-openssh-12087=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-openssh-12087=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-askpass-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-6.2p2-0.17.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-askpass-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-askpass-gnome-6.2p2-0.17.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-11T15:05:04", "description": "The remote host is affected by the vulnerability described in GLSA-201512-04 (OpenSSH: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSH. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2015-12-22T00:00:00", "type": "nessus", "title": "GLSA-201512-04 : OpenSSH: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-6565"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssh", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201512-04.NASL", "href": "https://www.tenable.com/plugins/nessus/87545", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201512-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87545);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\", \"CVE-2015-6565\");\n script_xref(name:\"GLSA\", value:\"201512-04\");\n\n script_name(english:\"GLSA-201512-04 : OpenSSH: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201512-04\n(OpenSSH: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSH. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201512-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All openssh users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/openssh-7.1_p1-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/openssh\", unaffected:make_list(\"ge 7.1_p1-r2\"), vulnerable:make_list(\"lt 7.1_p1-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSH\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-02-01T15:39:34", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by multiple vulnerabilities:\n\n - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.\n (CVE-2006-0225)\n\n - sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. 
(CVE-2006-4924)\n\n - Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. (CVE-2006-5051)\n\n - Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication.\n NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.\n (CVE-2006-5794)\n\n - Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.\n (CVE-2007-3102)\n\n - The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.\n (CVE-2010-4755)\n\n - The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. (CVE-2010-5107)\n\n - It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. 
A remote attacker could use this flaw to bypass intended environment variable restrictions.\n (CVE-2014-2532)\n\n - It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record.\n (CVE-2014-2653)\n\n - It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions. (CVE-2014-9278)\n\n - It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600)\n\n - It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. (CVE-2015-8325)\n\n - An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client.\n (CVE-2016-0777)\n\n - An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. 
(CVE-2016-1908)\n\n - A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0225", "CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5794", "CVE-2007-3102", "CVE-2010-2632", "CVE-2010-4755", "CVE-2010-5107", "CVE-2014-2532", "CVE-2014-2653", "CVE-2014-9278", "CVE-2015-5600", "CVE-2015-8325", "CVE-2016-0777", "CVE-2016-1908", "CVE-2016-6210"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0146_OPENSSH-LATEST.NASL", "href": "https://www.tenable.com/plugins/nessus/127415", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable 
Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0146. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127415);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2006-0225\",\n \"CVE-2006-4924\",\n \"CVE-2006-5051\",\n \"CVE-2006-5794\",\n \"CVE-2007-3102\",\n \"CVE-2010-4755\",\n \"CVE-2010-5107\",\n \"CVE-2014-2532\",\n \"CVE-2014-2653\",\n \"CVE-2014-9278\",\n \"CVE-2015-5600\",\n \"CVE-2015-8325\",\n \"CVE-2016-0777\",\n \"CVE-2016-1908\",\n \"CVE-2016-6210\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by\nmultiple vulnerabilities:\n\n - scp in OpenSSH 4.2p1 allows attackers to execute\n arbitrary commands via filenames that contain shell\n metacharacters or spaces, which are expanded twice.\n (CVE-2006-0225)\n\n - sshd in OpenSSH before 4.4, when using the version 1 SSH\n protocol, allows remote attackers to cause a denial of\n service (CPU consumption) via an SSH packet that\n contains duplicate blocks, which is not properly handled\n by the CRC compensation attack detector. (CVE-2006-4924)\n\n - Signal handler race condition in OpenSSH before 4.4\n allows remote attackers to cause a denial of service\n (crash), and possibly execute arbitrary code if GSSAPI\n authentication is enabled, via unspecified vectors that\n lead to a double-free. 
(CVE-2006-5051)\n\n - Unspecified vulnerability in the sshd Privilege\n Separation Monitor in OpenSSH before 4.5 causes weaker\n verification that authentication has been successful,\n which might allow attackers to bypass authentication.\n NOTE: as of 20061108, it is believed that this issue is\n only exploitable by leveraging vulnerabilities in the\n unprivileged process, which are not known to exist.\n (CVE-2006-5794)\n\n - Unspecified vulnerability in the\n linux_audit_record_event function in OpenSSH 4.3p2, as\n used on Fedora Core 6 and possibly other systems, allows\n remote attackers to write arbitrary characters to an\n audit log via a crafted username. NOTE: some of these\n details are obtained from third party information.\n (CVE-2007-3102)\n\n - The (1) remote_glob function in sftp-glob.c and the (2)\n process_put function in sftp.c in OpenSSH 5.8 and\n earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2,\n OpenBSD 4.7, and other products, allow remote\n authenticated users to cause a denial of service (CPU\n and memory consumption) via crafted glob expressions\n that do not match any pathnames, as demonstrated by glob\n expressions in SSH_FXP_STAT requests to an sftp daemon,\n a different vulnerability than CVE-2010-2632.\n (CVE-2010-4755)\n\n - The default configuration of OpenSSH through 6.1\n enforces a fixed time limit between establishing a TCP\n connection and completing a login, which makes it easier\n for remote attackers to cause a denial of service\n (connection-slot exhaustion) by periodically making many\n new TCP connections. (CVE-2010-5107)\n\n - It was found that OpenSSH did not properly handle\n certain AcceptEnv parameter values with wildcard\n characters. A remote attacker could use this flaw to\n bypass intended environment variable restrictions.\n (CVE-2014-2532)\n\n - It was discovered that OpenSSH clients did not correctly\n verify DNS SSHFP records. 
A malicious server could use\n this flaw to force a connecting client to skip the DNS\n SSHFP record check and require the user to perform\n manual host verification of the DNS SSHFP record.\n (CVE-2014-2653)\n\n - It was found that when OpenSSH was used in a Kerberos\n environment, remote authenticated users were allowed to\n log in as a different user if they were listed in the\n ~/.k5users file of that user, potentially bypassing\n intended authentication restrictions. (CVE-2014-9278)\n\n - It was discovered that the OpenSSH sshd daemon did not\n check the list of keyboard-interactive authentication\n methods for duplicates. A remote attacker could use this\n flaw to bypass the MaxAuthTries limit, making it easier\n to perform password guessing attacks. (CVE-2015-5600)\n\n - It was discovered that the OpenSSH sshd daemon fetched\n PAM environment settings before running the login\n program. In configurations with UseLogin=yes and the\n pam_env PAM module configured to read user environment\n settings, a local user could use this flaw to execute\n arbitrary code as root. (CVE-2015-8325)\n\n - An information leak flaw was found in the way the\n OpenSSH client roaming feature was implemented. A\n malicious server could potentially use this flaw to leak\n portions of memory (possibly including private SSH keys)\n of a successfully authenticated OpenSSH client.\n (CVE-2016-0777)\n\n - An access flaw was discovered in OpenSSH; the OpenSSH\n client did not correctly handle failures to generate\n authentication cookies for untrusted X11 forwarding. A\n malicious or compromised remote X application could\n possibly use this flaw to establish a trusted connection\n to the local X server, even if only untrusted X11\n forwarding was requested. (CVE-2016-1908)\n\n - A covert timing channel flaw was found in the way\n OpenSSH handled authentication of non-existent users. 
A\n remote unauthenticated attacker could possibly use this\n flaw to determine valid user names by measuring the\n timing of server responses. (CVE-2016-6210)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0146\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL openssh-latest packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2006-5051\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-1908\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"openssh-latest-7.9p1-1.el6.cgsl7741\",\n \"openssh-latest-askpass-7.9p1-1.el6.cgsl7741\",\n \"openssh-latest-cavs-7.9p1-1.el6.cgsl7741\",\n \"openssh-latest-clients-7.9p1-1.el6.cgsl7741\",\n \"openssh-latest-debuginfo-7.9p1-1.el6.cgsl7741\",\n \"openssh-latest-keycat-7.9p1-1.el6.cgsl7741\",\n \"openssh-latest-ldap-7.9p1-1.el6.cgsl7741\",\n \"openssh-latest-server-7.9p1-1.el6.cgsl7741\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh-latest\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:27:04", "description": "According to its self-reported version number, the remote 
pfSense install is prior to 2.2.5. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2653", "CVE-2015-1283", "CVE-2015-1416", "CVE-2015-1418", "CVE-2015-5600", "CVE-2015-5675", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-6565", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7704", "CVE-2015-7705", "CVE-2015-7803", "CVE-2015-7804", "CVE-2015-7848", "CVE-2015-7849", "CVE-2015-7850", "CVE-2015-7851", "CVE-2015-7852", "CVE-2015-7853", "CVE-2015-7854", "CVE-2015-7855", "CVE-2015-7871"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_SA-15_08.NASL", "href": "https://www.tenable.com/plugins/nessus/106497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106497);\n 
script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\n \"CVE-2014-2653\",\n \"CVE-2015-1283\",\n \"CVE-2015-1416\",\n \"CVE-2015-1418\",\n \"CVE-2015-5600\",\n \"CVE-2015-5675\",\n \"CVE-2015-6563\",\n \"CVE-2015-6564\",\n \"CVE-2015-6565\",\n \"CVE-2015-7691\",\n \"CVE-2015-7692\",\n \"CVE-2015-7701\",\n \"CVE-2015-7702\",\n \"CVE-2015-7703\",\n \"CVE-2015-7704\",\n \"CVE-2015-7705\",\n \"CVE-2015-7803\",\n \"CVE-2015-7804\",\n \"CVE-2015-7848\",\n \"CVE-2015-7849\",\n \"CVE-2015-7850\",\n \"CVE-2015-7851\",\n \"CVE-2015-7852\",\n \"CVE-2015-7853\",\n \"CVE-2015-7854\",\n \"CVE-2015-7855\",\n \"CVE-2015-7871\"\n );\n script_bugtraq_id(\n 66459,\n 75990,\n 76116,\n 76236,\n 76317,\n 76485,\n 76497,\n 77273,\n 77274,\n 77275,\n 77276,\n 77277,\n 77278,\n 77279,\n 77280,\n 77281,\n 77282,\n 77283,\n 77284,\n 77285,\n 77286,\n 77287,\n 77288\n );\n script_xref(name:\"FreeBSD\", value:\"SA-15:14.bsdpatch\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:16.openssh\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:18.bsdpatch\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:20.expat\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:21.amd64\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:22.openssh\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:25.ntp\");\n script_xref(name:\"TRA\", value:\"TRA-2015-04\");\n\n script_name(english:\"pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is prior to 2.2.5. 
It is, therefore, affected by multiple\nvulnerabilities as stated in the referenced vendor advisories.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://doc.pfsense.org/index.php/2.2.5_New_Features_and_Changes\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-15_08.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec9ba339\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.2.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.2.5\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{xss:TRUE}\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-17T14:44:47", "description": "The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :\n\n - apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185)\n - apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148)\n - Apple ID OD Plug-in (CVE-2015-3799)\n - AppleGraphicsControl (CVE-2015-5768)\n - Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787)\n - bootp (CVE-2015-3778)\n - CloudKit (CVE-2015-3782)\n - CoreMedia Playback (CVE-2015-5777, CVE-2015-5778)\n - CoreText (CVE-2015-5761, CVE-2015-5755)\n - curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153)\n - Data Detectors Engine (CVE-2015-5750)\n - Date & Time pref pane (CVE-2015-3757)\n - Dictionary Application (CVE-2015-3774)\n - DiskImages (CVE-2015-3800)\n - dyld (CVE-2015-3760)\n - FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756)\n - groff (CVE-2009-5044, CVE-2009-5078)\n - ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782)\n - Install Framework Legacy 
(CVE-2015-5784, CVE-2015-5754)\n - IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772)\n - IOGraphics (CVE-2015-3770, CVE-2015-5783)\n - IOHIDFamily (CVE-2015-5774)\n - Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761)\n - Libc (CVE-2015-3796, CVE-2015-3797, CVE-2015-3798)\n - Libinfo (CVE-2015-5776)\n - libpthread (CVE-2015-5757)\n - libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807)\n - libxpc (CVE-2015-3795)\n - mail_cmds (CVE-2014-7844)\n - Notification Center OSX (CVE-2015-3764)\n - ntfs (CVE-2015-5763)\n - OpenSSH (CVE-2015-5600)\n - OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)\n - perl (CVE-2013-7422)\n - PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244)\n - python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365)\n - QL Office (CVE-2015-5773, CVE-2015-3784)\n - Quartz Composer Framework (CVE-2015-5771)\n - Quick Look (CVE-2015-3781)\n - QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751)\n - SceneKit (CVE-2015-5772, CVE-2015-3783)\n - Security (CVE-2015-3775)\n - SMBClient (CVE-2015-3773)\n - Speech UI (CVE-2015-3794)\n - sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680)\n - tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140)\n - Text Formats (CVE-2015-3762)\n - udf (CVE-2015-3767)\n\n Note that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 
9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-10-16T00:00:00", "type": "nessus", "title": "Mac OS X < 10.10.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5044", "CVE-2009-5078", "CVE-2013-1775", "CVE-2013-1776", "CVE-2013-2776", "CVE-2013-2777", "CVE-2013-7040", "CVE-2013-7338", "CVE-2013-7422", "CVE-2014-0067", "CVE-2014-0106", "CVE-2014-0191", "CVE-2014-1912", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-3613", "CVE-2014-3620", "CVE-2014-3660", "CVE-2014-3707", "CVE-2014-7185", "CVE-2014-7844", "CVE-2014-8109", "CVE-2014-8150", "CVE-2014-8151", "CVE-2014-8161", "CVE-2014-8767", "CVE-2014-8769", "CVE-2014-9140", "CVE-2014-9365", "CVE-2014-9680", "CVE-2015-0228", "CVE-2015-0241", "CVE-2015-0242", "CVE-2015-0243", "CVE-2015-0244", "CVE-2015-0253", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3143", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3148", "CVE-2015-3153", "CVE-2015-3183", "CVE-2015-3185", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3757", "CVE-2015-3760", "CVE-2015-3761", "CVE-2015-3762", "CVE-2015-3764", "CVE-2015-3765", "CVE-2015-3766", "CVE-2015-3767", "CVE-2015-3768", "CVE-2015-3769", "CVE-2015-3770", "CVE-2015-3771", "CVE-2015-3772", "CVE-2015-3773", "CVE-2015-3774", "CVE-2015-3775", "CVE-2015-3776", "CVE-2015-3777", "CVE-2015-3778", 
"CVE-2015-3779", "CVE-2015-3780", "CVE-2015-3781", "CVE-2015-3782", "CVE-2015-3783", "CVE-2015-3784", "CVE-2015-3786", "CVE-2015-3787", "CVE-2015-3788", "CVE-2015-3789", "CVE-2015-3790", "CVE-2015-3791", "CVE-2015-3792", "CVE-2015-3794", "CVE-2015-3795", "CVE-2015-3796", "CVE-2015-3797", "CVE-2015-3798", "CVE-2015-3799", "CVE-2015-3800", "CVE-2015-3802", "CVE-2015-3803", "CVE-2015-3804", "CVE-2015-3805", "CVE-2015-3806", "CVE-2015-3807", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-5600", "CVE-2015-5747", "CVE-2015-5748", "CVE-2015-5750", "CVE-2015-5751", "CVE-2015-5753", "CVE-2015-5754", "CVE-2015-5755", "CVE-2015-5756", "CVE-2015-5757", "CVE-2015-5758", "CVE-2015-5761", "CVE-2015-5763", "CVE-2015-5768", "CVE-2015-5771", "CVE-2015-5772", "CVE-2015-5773", "CVE-2015-5774", "CVE-2015-5775", "CVE-2015-5776", "CVE-2015-5777", "CVE-2015-5778", "CVE-2015-5779", "CVE-2015-5781", "CVE-2015-5782", "CVE-2015-5783", "CVE-2015-5784"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "8981.PRM", "href": "https://www.tenable.com/plugins/nnm/8981", "sourceData": "Binary data 8981.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T15:20:19", "description": "The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache\n - apache_mod_php\n - Apple ID OD Plug-in\n - AppleGraphicsControl\n - Bluetooth\n - bootp\n - CloudKit\n - CoreMedia Playback\n - CoreText\n - curl\n - Data Detectors Engine\n - Date & Time pref pane\n - Dictionary Application\n - DiskImages\n - dyld\n - FontParser\n - groff\n - ImageIO\n - Install Framework Legacy\n - IOFireWireFamily\n - IOGraphics\n - IOHIDFamily\n - Kernel\n - Libc\n - Libinfo\n - libpthread\n - libxml2\n - libxpc\n - mail_cmds\n - Notification Center OSX\n - ntfs\n - OpenSSH\n - OpenSSL\n - perl\n - PostgreSQL\n - python\n - QL Office\n - Quartz Composer Framework\n - Quick Look\n - QuickTime 7\n - SceneKit\n - Security\n - SMBClient\n - Speech UI\n - sudo\n - tcpdump\n - Text Formats\n - udf \n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2009-5044", "CVE-2009-5078", "CVE-2012-6685", "CVE-2013-1775", "CVE-2013-1776", "CVE-2013-2776", "CVE-2013-2777", "CVE-2013-7040", "CVE-2013-7338", "CVE-2013-7422", "CVE-2014-0067", "CVE-2014-0106", "CVE-2014-0191", "CVE-2014-1912", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-3613", "CVE-2014-3620", "CVE-2014-3660", "CVE-2014-3707", "CVE-2014-7185", "CVE-2014-7844", "CVE-2014-8109", "CVE-2014-8150", "CVE-2014-8151", "CVE-2014-8161", "CVE-2014-8767", "CVE-2014-8769", "CVE-2014-9140", "CVE-2014-9365", "CVE-2014-9680", "CVE-2015-0228", "CVE-2015-0241", "CVE-2015-0242", "CVE-2015-0243", "CVE-2015-0244", "CVE-2015-0253", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3143", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3148", "CVE-2015-3153", "CVE-2015-3183", "CVE-2015-3185", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3729", "CVE-2015-3730", "CVE-2015-3731", "CVE-2015-3732", "CVE-2015-3733", "CVE-2015-3734", "CVE-2015-3735", "CVE-2015-3736", "CVE-2015-3737", "CVE-2015-3738", "CVE-2015-3739", "CVE-2015-3740", "CVE-2015-3741", "CVE-2015-3742", "CVE-2015-3743", "CVE-2015-3744", "CVE-2015-3745", "CVE-2015-3746", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3750", "CVE-2015-3751", "CVE-2015-3752", "CVE-2015-3753", "CVE-2015-3754", "CVE-2015-3755", "CVE-2015-3757", "CVE-2015-3760", "CVE-2015-3761", "CVE-2015-3762", "CVE-2015-3764", "CVE-2015-3765", "CVE-2015-3766", "CVE-2015-3767", "CVE-2015-3768", "CVE-2015-3769", "CVE-2015-3770", "CVE-2015-3771", "CVE-2015-3772", "CVE-2015-3773", "CVE-2015-3774", "CVE-2015-3775", "CVE-2015-3776", "CVE-2015-3777", "CVE-2015-3778", "CVE-2015-3779", "CVE-2015-3780", "CVE-2015-3781", "CVE-2015-3782", "CVE-2015-3783", "CVE-2015-3784", "CVE-2015-3786", "CVE-2015-3787", "CVE-2015-3788", "CVE-2015-3789", "CVE-2015-3790", "CVE-2015-3791", "CVE-2015-3792", "CVE-2015-3794", "CVE-2015-3795", "CVE-2015-3796", "CVE-2015-3797", 
"CVE-2015-3798", "CVE-2015-3799", "CVE-2015-3800", "CVE-2015-3802", "CVE-2015-3803", "CVE-2015-3804", "CVE-2015-3805", "CVE-2015-3806", "CVE-2015-3807", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-5600", "CVE-2015-5747", "CVE-2015-5748", "CVE-2015-5750", "CVE-2015-5751", "CVE-2015-5753", "CVE-2015-5754", "CVE-2015-5755", "CVE-2015-5756", "CVE-2015-5757", "CVE-2015-5758", "CVE-2015-5761", "CVE-2015-5763", "CVE-2015-5768", "CVE-2015-5771", "CVE-2015-5772", "CVE-2015-5773", "CVE-2015-5774", "CVE-2015-5775", "CVE-2015-5776", "CVE-2015-5777", "CVE-2015-5778", "CVE-2015-5779", "CVE-2015-5781", "CVE-2015-5782", "CVE-2015-5783", "CVE-2015-5784"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_10_5.NASL", "href": "https://www.tenable.com/plugins/nessus/85408", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85408);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2009-5044\",\n \"CVE-2009-5078\",\n \"CVE-2012-6685\",\n \"CVE-2013-1775\",\n \"CVE-2013-1776\",\n \"CVE-2013-2776\",\n \"CVE-2013-2777\",\n \"CVE-2013-7040\",\n \"CVE-2013-7338\",\n \"CVE-2013-7422\",\n \"CVE-2014-0067\",\n \"CVE-2014-0106\",\n \"CVE-2014-0191\",\n \"CVE-2014-1912\",\n \"CVE-2014-3581\",\n \"CVE-2014-3583\",\n \"CVE-2014-3613\",\n \"CVE-2014-3620\",\n \"CVE-2014-3660\",\n \"CVE-2014-3707\",\n \"CVE-2014-7185\",\n \"CVE-2014-7844\",\n \"CVE-2014-8109\",\n \"CVE-2014-8150\",\n \"CVE-2014-8151\",\n \"CVE-2014-8161\",\n \"CVE-2014-8767\",\n \"CVE-2014-8769\",\n \"CVE-2014-9140\",\n \"CVE-2014-9365\",\n \"CVE-2014-9680\",\n \"CVE-2015-0228\",\n \"CVE-2015-0241\",\n \"CVE-2015-0242\",\n \"CVE-2015-0243\",\n \"CVE-2015-0244\",\n \"CVE-2015-0253\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n 
\"CVE-2015-2783\",\n \"CVE-2015-2787\",\n \"CVE-2015-3143\",\n \"CVE-2015-3144\",\n \"CVE-2015-3145\",\n \"CVE-2015-3148\",\n \"CVE-2015-3153\",\n \"CVE-2015-3183\",\n \"CVE-2015-3185\",\n \"CVE-2015-3307\",\n \"CVE-2015-3329\",\n \"CVE-2015-3330\",\n \"CVE-2015-3729\",\n \"CVE-2015-3730\",\n \"CVE-2015-3731\",\n \"CVE-2015-3732\",\n \"CVE-2015-3733\",\n \"CVE-2015-3734\",\n \"CVE-2015-3735\",\n \"CVE-2015-3736\",\n \"CVE-2015-3737\",\n \"CVE-2015-3738\",\n \"CVE-2015-3739\",\n \"CVE-2015-3740\",\n \"CVE-2015-3741\",\n \"CVE-2015-3742\",\n \"CVE-2015-3743\",\n \"CVE-2015-3744\",\n \"CVE-2015-3745\",\n \"CVE-2015-3746\",\n \"CVE-2015-3747\",\n \"CVE-2015-3748\",\n \"CVE-2015-3749\",\n \"CVE-2015-3750\",\n \"CVE-2015-3751\",\n \"CVE-2015-3752\",\n \"CVE-2015-3753\",\n \"CVE-2015-3754\",\n \"CVE-2015-3755\",\n \"CVE-2015-3757\",\n \"CVE-2015-3760\",\n \"CVE-2015-3761\",\n \"CVE-2015-3762\",\n \"CVE-2015-3764\",\n \"CVE-2015-3765\",\n \"CVE-2015-3766\",\n \"CVE-2015-3767\",\n \"CVE-2015-3768\",\n \"CVE-2015-3769\",\n \"CVE-2015-3770\",\n \"CVE-2015-3771\",\n \"CVE-2015-3772\",\n \"CVE-2015-3773\",\n \"CVE-2015-3774\",\n \"CVE-2015-3775\",\n \"CVE-2015-3776\",\n \"CVE-2015-3777\",\n \"CVE-2015-3778\",\n \"CVE-2015-3779\",\n \"CVE-2015-3780\",\n \"CVE-2015-3781\",\n \"CVE-2015-3782\",\n \"CVE-2015-3783\",\n \"CVE-2015-3784\",\n \"CVE-2015-3786\",\n \"CVE-2015-3787\",\n \"CVE-2015-3788\",\n \"CVE-2015-3789\",\n \"CVE-2015-3790\",\n \"CVE-2015-3791\",\n \"CVE-2015-3792\",\n \"CVE-2015-3794\",\n \"CVE-2015-3795\",\n \"CVE-2015-3796\",\n \"CVE-2015-3797\",\n \"CVE-2015-3798\",\n \"CVE-2015-3799\",\n \"CVE-2015-3800\",\n \"CVE-2015-3802\",\n \"CVE-2015-3803\",\n \"CVE-2015-3804\",\n \"CVE-2015-3805\",\n \"CVE-2015-3806\",\n \"CVE-2015-3807\",\n \"CVE-2015-4021\",\n \"CVE-2015-4022\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\",\n \"CVE-2015-4147\",\n \"CVE-2015-4148\",\n \"CVE-2015-5600\",\n \"CVE-2015-5747\",\n \"CVE-2015-5748\",\n \"CVE-2015-5750\",\n 
\"CVE-2015-5751\",\n \"CVE-2015-5753\",\n \"CVE-2015-5754\",\n \"CVE-2015-5755\",\n \"CVE-2015-5756\",\n \"CVE-2015-5757\",\n \"CVE-2015-5758\",\n \"CVE-2015-5761\",\n \"CVE-2015-5763\",\n \"CVE-2015-5768\",\n \"CVE-2015-5771\",\n \"CVE-2015-5772\",\n \"CVE-2015-5773\",\n \"CVE-2015-5774\",\n \"CVE-2015-5775\",\n \"CVE-2015-5776\",\n \"CVE-2015-5777\",\n \"CVE-2015-5778\",\n \"CVE-2015-5779\",\n \"CVE-2015-5781\",\n \"CVE-2015-5782\",\n \"CVE-2015-5783\",\n \"CVE-2015-5784\"\n );\n script_bugtraq_id(\n 36381,\n 58203,\n 58207,\n 62741,\n 64194,\n 65179,\n 65379,\n 65721,\n 65997,\n 67233,\n 69742,\n 69748,\n 70089,\n 70644,\n 70988,\n 71150,\n 71153,\n 71468,\n 71639,\n 71656,\n 71657,\n 71701,\n 71964,\n 72538,\n 72540,\n 72542,\n 72543,\n 72649,\n 72981,\n 73040,\n 73041,\n 73357,\n 73431,\n 74174,\n 74204,\n 74239,\n 74240,\n 74299,\n 74300,\n 74301,\n 74303,\n 74408,\n 74700,\n 74703,\n 74902,\n 74903,\n 74904,\n 75056,\n 75103,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75704,\n 75963,\n 75964,\n 75965,\n 75990,\n 76337,\n 76338,\n 76339,\n 76340,\n 76341,\n 76342,\n 76343,\n 76344\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-08-13-2\");\n\n script_name(english:\"Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.10.x that is prior\nto 10.10.5. 
It is, therefore, affected by multiple vulnerabilities in\nthe following components :\n\n - apache\n - apache_mod_php\n - Apple ID OD Plug-in\n - AppleGraphicsControl\n - Bluetooth\n - bootp\n - CloudKit\n - CoreMedia Playback\n - CoreText\n - curl\n - Data Detectors Engine\n - Date & Time pref pane\n - Dictionary Application\n - DiskImages\n - dyld\n - FontParser\n - groff\n - ImageIO\n - Install Framework Legacy\n - IOFireWireFamily\n - IOGraphics\n - IOHIDFamily\n - Kernel\n - Libc\n - Libinfo\n - libpthread\n - libxml2\n - libxpc\n - mail_cmds\n - Notification Center OSX\n - ntfs\n - OpenSSH\n - OpenSSL\n - perl\n - PostgreSQL\n - python\n - QL Office\n - Quartz Composer Framework\n - Quick Look\n - QuickTime 7\n - SceneKit\n - Security\n - SMBClient\n - Speech UI\n - sudo\n - tcpdump\n - Text Formats\n - udf \n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205031\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.10.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2009/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.10([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.10\", \"Mac OS X \"+version);\n\nfixed_version = \"10.10.5\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected since it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2023-02-21T21:52:43", 
"description": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. ([CVE-2015-5600](<https://vulners.com/cve/CVE-2015-5600>))\n\nImpact\n\nRemote attackers may be able to conduct brute-force attacks or cause a denial-of-service (DoS) by way of the ssh -oKbdInteractiveDevices option.\n", "cvss3": {}, "published": "2015-08-14T17:16:00", "type": "f5", "title": "OpenSSH vulnerability CVE-2015-5600", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2018-09-21T20:59:00", "id": "F5:K17113", "href": "https://support.f5.com/csp/article/K17113", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-06-08T18:45:06", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. \n \nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system. In addition, secure the BIG-IP system from unwanted connection attempts by controlling the level of access to each self IP address defined on the system. For more information, refer to SOL13250: Overview of port lockdown behavior (10.x - 11.x).\n\nSupplemental Information\n\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL17329: BIG-IP GTM name has changed to BIG-IP DNS\n * SOL11719: Mitigating risk from SSH brute force login attacks\n", "cvss3": {}, "published": "2015-08-14T00:00:00", "type": "f5", "title": "SOL17113 - OpenSSH vulnerability CVE-2015-5600", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2016-06-09T00:00:00", "id": "SOL17113", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17113.html", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "The OpenSSH server, when keyboard-interactive challenge response authentication is enabled and PAM is being used (the default configuration in Mageia), can be tricked into allowing more password attempts than the MaxAuthTries setting would normally allow in one connection, which can aid an attacker in brute-force password guessing (CVE-2015-5600). \n", "cvss3": {}, "published": "2015-07-28T21:01:59", "type": "mageia", "title": "Updated openssh package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2015-07-28T21:01:59", "id": "MGASA-2015-0295", "href": "https://advisories.mageia.org/MGASA-2015-0295.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "debian": [{"lastseen": "2022-06-28T23:40:17", "description": "Package : openssh\nVersion : 1:5.5p1-6+squeeze7\nCVE ID : CVE-2015-5600\n\nIn Debian LTS (squeeze), the fix for CVE-2015-5600[1] in openssh\n1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the\nkeyboard-interactive method. 
Thanks to Colin Watson for making aware of\nthat.\n\nThe patch fixing CVE-2015-5600 introduces the field 'devices_done' to the\nKbdintAuthctxt struct, but does not initialize the field in the\nkbdint_alloc() function. On Linux, this ends up filling that field with\njunk data. The result of this are random login failures when\nkeyboard-interactive authentication is used.\n\nThis upload of openssh 1:5.5p1-6+squeeze7 to Debian LTS (squeeze) adds\nthat initialization of the `devices_done` field alongside the existing\ninitialization code.\n\nPeople relying on keyboard-interactive based authentication mechanisms with\nOpenSSH on Debian squeeze(-lts) systems are recommended to upgrade\nOpenSSH to 1:5.5p1-6+squeeze7.\n\n[1] https://lists.debian.org/debian-lts-announce/2015/08/msg00001.html\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {}, "published": "2015-09-30T03:37:43", "type": "debian", "title": "[SECURITY] [DLA 288-2] openssh regression update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2015-09-30T03:37:43", "id": "DEBIAN:DLA-288-2:68C70", "href": "https://lists.debian.org/debian-lts-announce/2015/09/msg00015.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, 
{"lastseen": "2023-01-05T23:50:42", "description": "Package : openssh\nVersion : 1:5.5p1-6+squeeze6\nCVE ID : CVE-2015-5352 CVE-2015-5600\nDebian Bug : #790798 #793616\n\nA recent upload of OpenSSH to Debian squeeze-lts fixes two security issues.\n\nCVE-2015-5352\n\n It was reported that when forwarding X11 connections with\n ForwardX11Trusted=no, connections made after ForwardX11Timeout\n (hard-coded value of 1200secs in the Debian squeeze version of\n OpenSSH) expired could be permitted and no longer subject to XSECURITY\n restrictions because of an ineffective timeout check in ssh(1)\n coupled with "fail open" behaviour in the X11 server when clients\n attempted connections with expired credentials. This problem was\n reported by Jann Horn.\n\n We now reject X11 connections after the hard-coded Xauth cookie\n expiration time of 1200 seconds.\n\nCVE-2015-5600\n\n It was found that OpenSSH would allow an attacker to request a large\n number of keyboard-interactive devices when entering a password,\n which could allow a remote attacker to bypass the MaxAuthTries limit\n defined in the sshd_config file.\n\n This flaw only affects OpenSSH configurations that have the\n 'KbdInteractiveAuthentication' configuration option set to 'yes'. 
By\n default, this option has the same value as the\n 'ChallengeResponseAuthentication' option.\n\n By default, all versions of Debian have the\n 'ChallengeResponseAuthentication' option set to 'no', meaning default\n OpenSSH configurations are not affected by this flaw.\n\n We now only query each keyboard-interactive device once per\n authentication request regardless of how many times it is listed.\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {}, "published": "2015-08-07T11:38:21", "type": "debian", "title": "[SECURITY] [DLA 288-1] openssh security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600"], "modified": "2015-08-07T11:38:21", "id": "DEBIAN:DLA-288-1:36C61", "href": "https://lists.debian.org/debian-lts-announce/2015/08/msg00001.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-10-23T22:24:32", "description": "Package : openssh\nVersion : 1:5.5p1-6+squeeze6\nCVE ID : CVE-2015-5352 CVE-2015-5600\nDebian Bug : #790798 #793616\n\nA recent upload of OpenSSH to Debian squeeze-lts fixes two security issues.\n\nCVE-2015-5352\n\n It was reported that when forwarding X11 connections with\n ForwardX11Trusted=no, connections made after ForwardX11Timeout\n (hard-coded value of 1200secs in the Debian 
squeeze version of\n OpenSSH) expired could be permitted and no longer subject to XSECURITY\n restrictions because of an ineffective timeout check in ssh(1)\n coupled with "fail open" behaviour in the X11 server when clients\n attempted connections with expired credentials. This problem was\n reported by Jann Horn.\n\n We now reject X11 connections after the hard-coded Xauth cookie\n expiration time of 1200 seconds.\n\nCVE-2015-5600\n\n It was found that OpenSSH would allow an attacker to request a large\n number of keyboard-interactive devices when entering a password,\n which could allow a remote attacker to bypass the MaxAuthTries limit\n defined in the sshd_config file.\n\n This flaw only affects OpenSSH configurations that have the\n 'KbdInteractiveAuthentication' configuration option set to 'yes'. By\n default, this option has the same value as the\n 'ChallengeResponseAuthentication' option.\n\n By default, all versions of Debian have the\n 'ChallengeResponseAuthentication' option set to 'no', meaning default\n OpenSSH configurations are not affected by this flaw.\n\n We now only query each keyboard-interactive device once per\n authentication request regardless of how many times it is listed.\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {}, "published": "2015-08-07T11:38:21", "type": "debian", "title": "[SECURITY] [DLA 288-1] openssh security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600"], "modified": "2015-08-07T11:38:21", "id": "DEBIAN:DLA-288-1:31147", "href": "https://lists.debian.org/debian-lts-announce/2015/08/msg00001.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-03-19T18:09:48", "description": "Package : openssh\nVersion : 1:6.7p1-5+deb8u6\nCVE ID : CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564\n CVE-2016-1908 CVE-2016-3115 CVE-2016-6515 CVE-2016-10009\n CVE-2016-10011 CVE-2016-10012 CVE-2016-10708\n CVE-2017-15906\nDebian Bug : 790798 793616 795711 848716 848717\n\n\nSeveral vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol suite:\n\nCVE-2015-5352\n\n OpenSSH incorrectly verified time window deadlines for X connections.\n Remote attackers could take advantage of this flaw to bypass intended\n access restrictions. Reported by Jann Horn.\n\nCVE-2015-5600\n\n OpenSSH improperly restricted the processing of keyboard-interactive\n devices within a single connection, which could allow remote attackers\n to perform brute-force attacks or cause a denial of service, in a\n non-default configuration.\n\nCVE-2015-6563\n\n OpenSSH incorrectly handled usernames during PAM authentication. In\n conjunction with an additional flaw in the OpenSSH unprivileged child\n process, remote attackers could make use if this issue to perform user\n impersonation. Discovered by Moritz Jodeit.\n\nCVE-2015-6564\n\n Moritz Jodeit discovered a use-after-free flaw in PAM support in\n OpenSSH, that could be used by remote attackers to bypass\n authentication or possibly execute arbitrary code.\n\nCVE-2016-1908\n\n OpenSSH mishandled untrusted X11 forwarding when the X server disables\n the SECURITY extension. Untrusted connections could obtain trusted X11\n forwarding privileges. 
Reported by Thomas Hoger.\n\nCVE-2016-3115\n\n OpenSSH improperly handled X11 forwarding data related to\n authentication credentials. Remote authenticated users could make use\n of this flaw to bypass intended shell-command restrictions. Identified\n by github.com/tintinweb.\n\nCVE-2016-6515\n\n OpenSSH did not limit password lengths for password authentication.\n Remote attackers could make use of this flaw to cause a denial of\n service via long strings.\n\nCVE-2016-10009\n\n Jann Horn discovered an untrusted search path vulnerability in\n ssh-agent allowing remote attackers to execute arbitrary local\n PKCS#11 modules by leveraging control over a forwarded agent-socket.\n\nCVE-2016-10011\n\n Jann Horn discovered that OpenSSH did not properly consider the\n effects of realloc on buffer contents. This may allow local users to\n obtain sensitive private-key information by leveraging access to a\n privilege-separated child process.\n\nCVE-2016-10012\n\n Guido Vranken discovered that the OpenSSH shared memory manager\n did not ensure that a bounds check was enforced by all compilers,\n which could allow local users to gain privileges by leveraging access\n to a sandboxed privilege-separation process.\n\nCVE-2016-10708\n\n NULL pointer dereference and daemon crash via an out-of-sequence\n NEWKEYS message.\n\nCVE-2017-15906\n\n Michal Zalewski reported that OpenSSH improperly prevent write\n operations in readonly mode, allowing attackers to create zero-length\n files.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:6.7p1-5+deb8u6.\n\nWe recommend that you upgrade your openssh packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-10T08:44:17", "type": "debian", "title": "[SECURITY] [DLA 1500-1] openssh security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564", "CVE-2016-10009", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10708", "CVE-2016-1908", "CVE-2016-3115", "CVE-2016-6515", "CVE-2017-15906"], "modified": "2018-09-10T08:44:17", "id": "DEBIAN:DLA-1500-1:E6BD7", "href": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:08:09", "description": "It's possible to bypass MaxAuthTries restrictions.", "cvss3": {}, "published": "2015-08-24T00:00:00", "type": "securityvulns", "title": "OpenSSH resreictions bypass", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2015-5600"], "modified": "2015-08-24T00:00:00", "id": "SECURITYVULNS:VULN:14614", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14614", "sourceData": "", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "description": 
"\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n=============================================================================\r\nFreeBSD-SA-15:16.openssh Security Advisory\r\n The FreeBSD Project\r\n\r\nTopic: OpenSSH multiple vulnerabilities\r\n\r\nCategory: contrib\r\nModule: openssh\r\nAnnounced: 2015-07-28, revised on 2015-07-30\r\nAffects: All supported versions of FreeBSD.\r\nCorrected: 2015-07-28 19:58:44 UTC (stable/10, 10.2-PRERELEASE)\r\n 2015-07-28 19:58:44 UTC (stable/10, 10.2-BETA2-p2)\r\n 2015-07-28 19:59:04 UTC (releng/10.2, 10.2-RC1-p1)\r\n 2015-07-28 19:59:11 UTC (releng/10.1, 10.1-RELEASE-p16)\r\n 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE)\r\n 2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21)\r\n 2015-07-30 10:09:07 UTC (stable/8, 8.4-STABLE)\r\n 2015-07-30 10:09:31 UTC (releng/8.4, 8.4-RELEASE-p36)\r\nCVE Name: CVE-2014-2653, CVE-2015-5600\r\n\r\nFor general information regarding FreeBSD Security Advisories,\r\nincluding descriptions of the fields above, security branches, and the\r\nfollowing sections, please visit <URL:https://security.FreeBSD.org/>.\r\n\r\n0. Revision history\r\n\r\nv1.0 2015-02-25 Initial release.\r\nv1.1 2015-07-30 Revised patch for FreeBSD 8.x to address regression when\r\n keyboard interactive authentication is used.\r\n\r\nI. Background\r\n\r\nOpenSSH is an implementation of the SSH protocol suite, providing an\r\nencrypted and authenticated transport for a variety of services,\r\nincluding remote shell access.\r\n\r\nThe security of the SSH connection relies on the server authenticating\r\nitself to the client as well as the user authenticating itself to the\r\nserver. SSH servers uses host keys to verify their identity.\r\n\r\nRFC 4255 has defined a method of verifying SSH host keys using Domain\r\nName System Security (DNSSEC), by publishing the key fingerprint using\r\nDNS with "SSHFP" resource record. 
RFC 6187 has defined methods to use\r\na signature by a trusted certification authority to bind a given public\r\nkey to a given digital identity with X.509v3 certificates.\r\n\r\nThe PAM (Pluggable Authentication Modules) library provides a flexible\r\nframework for user authentication and session setup / teardown.\r\n\r\nOpenSSH uses PAM for password authentication by default.\r\n\r\nII. Problem Description\r\n\r\nOpenSSH clients does not correctly verify DNS SSHFP records when a server\r\noffers a certificate. [CVE-2014-2653]\r\n\r\nOpenSSH servers which are configured to allow password authentication\r\nusing PAM (default) would allow many password attempts.\r\n\r\nIII. Impact\r\n\r\nA malicious server may be able to force a connecting client to skip DNS\r\nSSHFP record check and require the user to perform manual host verification\r\nof the host key fingerprint. This could allow man-in-the-middle attack\r\nif the user does not carefully check the fingerprint. [CVE-2014-2653]\r\n\r\nA remote attacker may effectively bypass MaxAuthTries settings, which would\r\nenable them to brute force passwords. [CVE-2015-5600]\r\n\r\nIV. Workaround\r\n\r\nSystems that do not use OpenSSH are not affected.\r\n\r\nThere is no workaround for CVE-2014-2653, but the problem only affects\r\nnetworks where DNSsec and SSHFP is properly configured. Users who uses\r\nSSH should always check server host key fingerprints carefully when\r\nprompted.\r\n\r\nSystem administrators can set:\r\n\r\n\tUsePAM no\r\n\r\nIn their /etc/ssh/sshd_config and restart sshd service to workaround the\r\nproblem described as CVE-2015-5600 at expense of losing features provided\r\nby the PAM framework.\r\n\r\nWe recommend system administrators to disable password based authentication\r\ncompletely, and use key based authentication exclusively in their SSH server\r\nconfiguration, when possible. This would eliminate the possibility of being\r\never exposed to password brute force attack.\r\n\r\nV. 
Solution\r\n\r\nPerform one of the following:\r\n\r\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\r\nrelease / security branch (releng) dated after the correction date.\r\n\r\nSSH service has to be restarted after the update. A reboot is recommended\r\nbut not required.\r\n\r\n2) To update your vulnerable system via a binary patch:\r\n\r\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\r\nplatforms can be updated via the freebsd-update(8) utility:\r\n\r\n# freebsd-update fetch\r\n# freebsd-update install\r\n\r\nSSH service has to be restarted after the update. A reboot is recommended\r\nbut not required.\r\n\r\n3) To update your vulnerable system via a source code patch:\r\n\r\nThe following patches have been verified to apply to the applicable\r\nFreeBSD release branches.\r\n\r\na) Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n[FreeBSD 9.3, 10.1, 10.2]\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh.patch\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh.patch.asc\r\n# gpg --verify openssh.patch.asc\r\n\r\n[FreeBSD 8.4]\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8.patch\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8.patch.asc\r\n# gpg --verify openssh-8.patch.asc\r\n\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patc\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patch.asc\r\n# gpg --verify openssh-8-errata.patch.asc\r\n\r\nb) Apply the patch. Execute the following commands as root:\r\n\r\n# cd /usr/src\r\n# patch < /path/to/patch\r\n\r\nc) Recompile the operating system using buildworld and installworld as\r\ndescribed in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.\r\n\r\nRestart the SSH service, or reboot the system.\r\n\r\nVI. 
Correction details\r\n\r\nThe following list contains the correction revision numbers for each\r\naffected branch.\r\n\r\nBranch/path Revision\r\n- -------------------------------------------------------------------------\r\nstable/8/ r286067\r\nreleng/8.4/ r286068\r\nstable/9/ r285977\r\nreleng/9.3/ r285980\r\nstable/10/ r285976\r\nreleng/10.1/ r285979\r\nreleng/10.2/ r285978\r\n- -------------------------------------------------------------------------\r\n\r\nTo see which files were modified by a particular revision, run the\r\nfollowing command, replacing NNNNNN with the revision number, on a\r\nmachine with Subversion installed:\r\n\r\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\r\n\r\nOr visit the following URL, replacing NNNNNN with the revision number:\r\n\r\n<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>\r\n\r\nVII. References\r\n\r\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653>\r\n\r\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600>\r\n\r\nThe latest revision of this advisory is available at\r\n<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:16.openssh.asc>\r\n\r\n", "cvss3": {}, "published": "2015-08-02T00:00:00", "type": "securityvulns", "title": "FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED]", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2014-2653"], "modified": "2015-08-02T00:00:00", "id": "SECURITYVULNS:DOC:32378", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32378", "sourceData": "", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. 
These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device's Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\r\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\r\nWang (Indiana University)\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued's\r\nhandling of XPC messages. 
These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. 
This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\r\n\r\nDate & Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. 
This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users' Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. 
This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. 
This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework's 'runner'\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework's 'runner' binary that resulted in\r\nprivileges being incorrectly dropped. This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. 
This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. 
This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. 
This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. 
These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. 
This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. 
This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco 
Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application 
termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "cvss3": {}, "published": "2015-08-17T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, 
{"lastseen": "2021-06-08T19:03:08", "description": "Over 150 different vulnerabilities in system components and libraries.", "cvss3": {}, "published": "2015-08-17T00:00:00", "type": "securityvulns", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], 
"osv": [{"lastseen": "2022-08-05T05:19:20", "description": "\nIn Debian LTS (squeeze), the fix for [CVE-2015-5600](https://security-tracker.debian.org/tracker/CVE-2015-5600) in openssh\n1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the\nkeyboard-interactive method. Thanks to Colin Watson for making aware of\nthat.\n\n\nThe patch fixing [CVE-2015-5600](https://security-tracker.debian.org/tracker/CVE-2015-5600) introduces the field devices\\_done to the\nKbdintAuthctxt struct, but does not initialize the field in the\nkbdint\\_alloc() function. On Linux, this ends up filling that field with\njunk data. The result of this are random login failures when\nkeyboard-interactive authentication is used.\n\n\nThis upload of openssh 1:5.5p1-6+squeeze7 to Debian LTS (squeeze) adds\nthat initialization of the `devices\\_done` field alongside the existing\ninitialization code.\n\n\nPeople relying on keyboard-interactive based authentication mechanisms with\nOpenSSH on Debian squeeze(-lts) systems are recommended to upgrade\nOpenSSH to 1:5.5p1-6+squeeze7.\n\n\n", "cvss3": {}, "published": "2015-09-30T00:00:00", "type": "osv", "title": "openssh - regression update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2022-08-05T05:19:16", "id": "OSV:DLA-288-2", "href": "https://osv.dev/vulnerability/DLA-288-2", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-05T05:19:18", "description": "\nIn Debian LTS (squeeze), the fix for [CVE-2015-5600](https://security-tracker.debian.org/tracker/CVE-2015-5600) in openssh\n1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the\nkeyboard-interactive method. Thanks to Colin Watson for making aware of\nthat.\n\n\nThe patch fixing [CVE-2015-5600](https://security-tracker.debian.org/tracker/CVE-2015-5600) introduces the field devices\\_done to the\nKbdintAuthctxt struct, but does not initialize the field in the\nkbdint\\_alloc() function. On Linux, this ends up filling that field with\njunk data. The result of this are random login failures when\nkeyboard-interactive authentication is used.\n\n\nThis upload of openssh 1:5.5p1-6+squeeze7 to Debian LTS (squeeze) adds\nthat initialization of the `devices\\_done` field alongside the existing\ninitialization code.\n\n\nPeople relying on keyboard-interactive based authentication mechanisms with\nOpenSSH on Debian squeeze(-lts) systems are recommended to upgrade\nOpenSSH to 1:5.5p1-6+squeeze7.\n\n\n", "cvss3": {}, "published": "2015-09-30T00:00:00", "type": "osv", "title": "openssh - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2015-5352"], 
"modified": "2022-08-05T05:19:16", "id": "OSV:DLA-288-1", "href": "https://osv.dev/vulnerability/DLA-288-1", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-21T08:19:16", "description": "\nSeveral vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol suite:\n\n\n* [CVE-2015-5352](https://security-tracker.debian.org/tracker/CVE-2015-5352)\nOpenSSH incorrectly verified time window deadlines for X connections.\n Remote attackers could take advantage of this flaw to bypass intended\n access restrictions. Reported by Jann Horn.\n* [CVE-2015-5600](https://security-tracker.debian.org/tracker/CVE-2015-5600)\nOpenSSH improperly restricted the processing of keyboard-interactive\n devices within a single connection, which could allow remote attackers\n to perform brute-force attacks or cause a denial of service, in a\n non-default configuration.\n* [CVE-2015-6563](https://security-tracker.debian.org/tracker/CVE-2015-6563)\nOpenSSH incorrectly handled usernames during PAM authentication. In\n conjunction with an additional flaw in the OpenSSH unprivileged child\n process, remote attackers could make use if this issue to perform user\n impersonation. Discovered by Moritz Jodeit.\n* [CVE-2015-6564](https://security-tracker.debian.org/tracker/CVE-2015-6564)\nMoritz Jodeit discovered a use-after-free flaw in PAM support in\n OpenSSH, that could be used by remote attackers to bypass\n authentication or possibly execute arbitrary code.\n* [CVE-2016-1908](https://security-tracker.debian.org/tracker/CVE-2016-1908)\nOpenSSH mishandled untrusted X11 forwarding when the X server disables\n the SECURITY extension. Untrusted connections could obtain trusted X11\n forwarding privileges. Reported by Thomas Hoger.\n* [CVE-2016-3115](https://security-tracker.debian.org/tracker/CVE-2016-3115)\nOpenSSH improperly handled X11 forwarding data related to\n authentication credentials. 
Remote authenticated users could make use\n of this flaw to bypass intended shell-command restrictions. Identified\n by github.com/tintinweb.\n* [CVE-2016-6515](https://security-tracker.debian.org/tracker/CVE-2016-6515)\nOpenSSH did not limit password lengths for password authentication.\n Remote attackers could make use of this flaw to cause a denial of\n service via long strings.\n* [CVE-2016-10009](https://security-tracker.debian.org/tracker/CVE-2016-10009)\nJann Horn discovered an untrusted search path vulnerability in\n ssh-agent allowing remote attackers to execute arbitrary local\n PKCS#11 modules by leveraging control over a forwarded agent-socket.\n* [CVE-2016-10011](https://security-tracker.debian.org/tracker/CVE-2016-10011)\nJann Horn discovered that OpenSSH did not properly consider the\n effects of realloc on buffer contents. This may allow local users to\n obtain sensitive private-key information by leveraging access to a\n privilege-separated child process.\n* [CVE-2016-10012](https://security-tracker.debian.org/tracker/CVE-2016-10012)\nGuido Vranken discovered that the OpenSSH shared memory manager\n did not ensure that a bounds check was enforced by all compilers,\n which could allow local users to gain privileges by leveraging access\n to a sandboxed privilege-separation process.\n* [CVE-2016-10708](https://security-tracker.debian.org/tracker/CVE-2016-10708)\nNULL pointer dereference and daemon crash via an out-of-sequence\n NEWKEYS message.\n* [CVE-2017-15906](https://security-tracker.debian.org/tracker/CVE-2017-15906)\nMichal Zalewski reported that OpenSSH improperly prevent write\n operations in readonly mode, allowing attackers to create zero-length\n files.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n1:6.7p1-5+deb8u6.\n\n\nWe recommend that you upgrade your openssh packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can 
be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-10T00:00:00", "type": "osv", "title": "openssh - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2016-1908", "CVE-2016-10708", "CVE-2016-10011", "CVE-2015-6564", "CVE-2016-10009", "CVE-2016-6515", "CVE-2015-5352", "CVE-2016-3115", "CVE-2017-15906", "CVE-2016-10012", "CVE-2015-6563"], "modified": "2022-07-21T05:52:17", "id": "OSV:DLA-1500-1", "href": "https://osv.dev/vulnerability/DLA-1500-1", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-21T08:19:12", "description": "\nSeveral vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol suite:\n\n\n* [CVE-2015-5352](https://security-tracker.debian.org/tracker/CVE-2015-5352)\nOpenSSH incorrectly verified time window deadlines for X connections.\n Remote attackers could take advantage of this flaw to bypass intended\n access restrictions. 
Reported by Jann Horn.\n* [CVE-2015-5600](https://security-tracker.debian.org/tracker/CVE-2015-5600)\nOpenSSH improperly restricted the processing of keyboard-interactive\n devices within a single connection, which could allow remote attackers\n to perform brute-force attacks or cause a denial of service, in a\n non-default configuration.\n* [CVE-2015-6563](https://security-tracker.debian.org/tracker/CVE-2015-6563)\nOpenSSH incorrectly handled usernames during PAM authentication. In\n conjunction with an additional flaw in the OpenSSH unprivileged child\n process, remote attackers could make use of this issue to perform user\n impersonation. Discovered by Moritz Jodeit.\n* [CVE-2015-6564](https://security-tracker.debian.org/tracker/CVE-2015-6564)\nMoritz Jodeit discovered a use-after-free flaw in PAM support in\n OpenSSH, that could be used by remote attackers to bypass\n authentication or possibly execute arbitrary code.\n* [CVE-2016-1908](https://security-tracker.debian.org/tracker/CVE-2016-1908)\nOpenSSH mishandled untrusted X11 forwarding when the X server disables\n the SECURITY extension. Untrusted connections could obtain trusted X11\n forwarding privileges. Reported by Thomas Hoger.\n* [CVE-2016-3115](https://security-tracker.debian.org/tracker/CVE-2016-3115)\nOpenSSH improperly handled X11 forwarding data related to\n authentication credentials. Remote authenticated users could make use\n of this flaw to bypass intended shell-command restrictions. 
Identified\n by github.com/tintinweb.\n* [CVE-2016-6515](https://security-tracker.debian.org/tracker/CVE-2016-6515)\nOpenSSH did not limit password lengths for password authentication.\n Remote attackers could make use of this flaw to cause a denial of\n service via long strings.\n* [CVE-2016-10009](https://security-tracker.debian.org/tracker/CVE-2016-10009)\nJann Horn discovered an untrusted search path vulnerability in\n ssh-agent allowing remote attackers to execute arbitrary local\n PKCS#11 modules by leveraging control over a forwarded agent-socket.\n* [CVE-2016-10011](https://security-tracker.debian.org/tracker/CVE-2016-10011)\nJann Horn discovered that OpenSSH did not properly consider the\n effects of realloc on buffer contents. This may allow local users to\n obtain sensitive private-key information by leveraging access to a\n privilege-separated child process.\n* [CVE-2016-10012](https://security-tracker.debian.org/tracker/CVE-2016-10012)\nGuido Vranken discovered that the OpenSSH shared memory manager\n did not ensure that a bounds check was enforced by all compilers,\n which could allow local users to gain privileges by leveraging access\n to a sandboxed privilege-separation process.\n* [CVE-2016-10708](https://security-tracker.debian.org/tracker/CVE-2016-10708)\nNULL pointer dereference and daemon crash via an out-of-sequence\n NEWKEYS message.\n* [CVE-2017-15906](https://security-tracker.debian.org/tracker/CVE-2017-15906)\nMichal Zalewski reported that OpenSSH improperly prevented write\n operations in readonly mode, allowing attackers to create zero-length\n files.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n1:6.7p1-5+deb8u6.\n\n\nWe recommend that you upgrade your openssh packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": 
{"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-10T00:00:00", "type": "osv", "title": "openssh - regression update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2016-1908", "CVE-2016-10708", "CVE-2016-10011", "CVE-2015-6564", "CVE-2016-10009", "CVE-2016-6515", "CVE-2015-5352", "CVE-2016-3115", "CVE-2017-15906", "CVE-2016-10012", "CVE-2015-6563"], "modified": "2022-07-21T05:52:17", "id": "OSV:DLA-1500-2", "href": "https://osv.dev/vulnerability/DLA-1500-2", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "description": "The OpenSSH server normally wouldn't allow successive authentications\nthat exceed the MaxAuthTries setting in sshd_config, however when using\nkbd-interactive challenge-response authentication the allowed login\nretries can be extended limited only by the LoginGraceTime setting, that\ncan be more than 10000 tries (depends on the network speed), and even\nmore for local attacks.", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "archlinux", "title": "openssh: authentication limits bypass", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2015-07-23T00:00:00", "id": "ASA-201507-17", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\n\nIt was discovered that the OpenSSH sshd daemon did not check the\n\t list of keyboard-interactive authentication methods for duplicates.\n\t A remote attacker could use this flaw to bypass the MaxAuthTries\n\t limit, making it easier to perform password guessing attacks.\n\n\n", "cvss3": {}, "published": "2015-07-21T00:00:00", "type": "freebsd", "title": "OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2016-08-09T00:00:00", "id": "5B74A5BC-348F-11E5-BA05-C80AA9043978", "href": "https://vuxml.freebsd.org/freebsd/5b74a5bc-348f-11e5-ba05-c80aa9043978.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "debiancve": 
[{"lastseen": "2023-02-13T18:10:49", "description": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.", "cvss3": {}, "published": "2015-08-03T01:59:00", "type": "debiancve", "title": "CVE-2015-5600", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2015-08-03T01:59:00", "id": "DEBIANCVE:CVE-2015-5600", "href": "https://security-tracker.debian.org/tracker/CVE-2015-5600", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "arista": [{"lastseen": "2023-03-13T17:32:51", "description": "## Security Advisory 0012 PDF\n\n**Date:** August 20th 2015\n\nRevision| Date| Changes \n---|---|--- \n1.0 | August 20th, 2015 | Initial release \n1.1 | August 24th, 2015 | Updated with patch details. \n1.2 | November 22nd, 2017 | Updated with the fixed updated EOS releases \n \n**Arista 7000 Series Products and Arista EOS are vulnerable to CVE-2015-5600. **\n\nIn July 2015, the OpenSSH project issued a security advisory for an authentication brute force vulnerability that bypasses the default max attempts limit. 
The vulnerability allows for unlimited entries within the login time limit. This permits a brute force attack on weak passwords within the login time period of two minutes.\n\nThis issue affects all current OpenSSH versions through 6.9.\n\nAll systems using OpenSSH are vulnerable and can be tested using\n \n \n ssh -l -oKbdInteractiveDevices=`perl -e 'print \"pam,\" x 10000'` \n\nand then entering multiple password attempts.\n\n**Mitigation**\n\nThe best workaround until a fix is available is to restrict access to known sources and to ensure all passwords are long and difficult to brute force. \nTo determine whether a system is being probed for this, check the log file \"/var/log/secure\" under the bash shell for entries that look like the following:\n \n \n Aug 10 10:16:16 switch sshd[4439]: Failed keyboard-interactive/pam for user_name from hostname port 47884 ssh2 \n Aug 10 10:16:16 switch sshd[4439]: error: PAM: Authentication failure for user_name from hostname \n\nNote that the above logs will only appear under /var/log/secure and not under the switch's normal syslogging mechanism. To view this log file, use the following command from the EOS CLI:\n \n \n bash sudo cat /var/log/secure\n\n**Resolution**\n\nBug ID 129011 tracks this vulnerability. The fix will be available in EOS releases 4.12.11M, 4.13.13M, 4.14.10M and 4.15.2F and later releases. The following patch file can be installed on all affected EOS releases (4.12 through 4.15):\n\n**Patch URL:** [SecurityAdvisory0012.swix](<https://aristanetworks.egnyte.com/dl/PKG0VausXN/SecurityAdvisory0012.swix_>)\n\n**sha512sum:** 8586baf27c52e6ccc54d90814451cede5d23230e2a738cc2bfcd8cb182715afbe21cfd0b87660d792aba743c3339baebdb0b90a0ddefa65917ee21463e136a80\n\n**Instructions to install patch**\n\n 1. Download the above patch file to the flash of the switch using any of the supported file transfer protocols: \n \n switch#copy scp://This email address is being protected from spambots. 
You need JavaScript enabled to view it./SecurityAdvisory0012.swix extension:\n\n 2. Install the patch using the extension command: \n \n switch#extension SecurityAdvisory0012.swix \n \r\n switch#show extensions \n \r\n Name Version/Release Status Extensions \n \r\n ----------------------------------- ------------------------- -------- -------- \n \r\n SecurityAdvisory0012.swix \t 5.5p1/2592747.gaevansrele A, I 1 \n \r\n A: available | NA: not available | I: installed | NI: not installed | F: forced \n\n 3. Once the patch is installed, sshd will be restarted as part of the fix. Existing SSH sessions will not be disrupted.\n 4. To verify that the patch is installed, start an SSH session to the patched switch using the following options: \n \n ssh -l -oKbdInteractiveDevices=`perl -e 'print \"pam,\" x 10000'` \n\n \nOn a patched switch, the above SSH command will disconnect after three attempts.\n 5. Make the patch persistent across reboots: \n \n switch#copy installed-extensions boot-extensions \r\n \n Copy completed successfully.\r\n \n switch#show boot-extensions \r\n \n SecurityAdvisory0012.swix \n\n**References:** \nFor additional information about the vulnerability, please visit: <https://vulners.com/cve/CVE-2015-5600>\n\n**For More Information:** \nIf you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:\n\nOpen a Service Request: \nBy email: This email address is being protected from spambots. You need JavaScript enabled to view it. 
\nBy telephone: 408-547-5502 \n866-476-0000\n", "cvss3": {}, "published": "2015-08-20T00:00:00", "type": "arista", "title": "Security Advisory 0012", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2015-08-20T00:00:00", "id": "ARISTA:0012", "href": "https://www.arista.com/en/support/advisories-notices/security-advisory/1174-security-advisory-12", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "cve": [{"lastseen": "2023-02-09T02:40:55", "description": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.", "cvss3": {}, "published": "2015-08-03T01:59:00", "type": "cve", "title": "CVE-2015-5600", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2022-12-13T12:15:00", "cpe": ["cpe:/a:openbsd:openssh:6.9"], "id": "CVE-2015-5600", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5600", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2023-01-26T13:26:46", "description": "## Releases\n\n * Ubuntu 15.04 \n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * openssh \\- secure shell (SSH) for secure access to remote machines\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames when \nusing PAM authentication. If an additional vulnerability were discovered in \nthe OpenSSH unprivileged child process, this issue could allow a remote \nattacker to perform user impersonation. (CVE number pending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory \nwhen using PAM authentication. If an additional vulnerability were \ndiscovered in the OpenSSH unprivileged child process, this issue could \nallow a remote attacker to bypass authentication or possibly execute \narbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for \nX connections. A remote attacker could use this issue to bypass certain \naccess restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive \nauthentication. In a non-default configuration, a remote attacker could \npossibly use this issue to perform a brute-force password attack. 
\n(CVE-2015-5600)\n", "cvss3": {}, "published": "2015-08-14T00:00:00", "type": "ubuntu", "title": "OpenSSH vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600"], "modified": "2015-08-14T00:00:00", "id": "USN-2710-1", "href": "https://ubuntu.com/security/notices/USN-2710-1", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2023-01-26T13:26:41", "description": "## Releases\n\n * Ubuntu 15.04 \n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * openssh \\- secure shell (SSH) for secure access to remote machines\n\nUSN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for \nCVE-2015-5600 caused a regression resulting in random authentication \nfailures in non-default configurations. This update fixes the problem.\n\nOriginal advisory details:\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames when \nusing PAM authentication. If an additional vulnerability were discovered in \nthe OpenSSH unprivileged child process, this issue could allow a remote \nattacker to perform user impersonation. (CVE number pending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory \nwhen using PAM authentication. If an additional vulnerability were \ndiscovered in the OpenSSH unprivileged child process, this issue could \nallow a remote attacker to bypass authentication or possibly execute \narbitrary code. 
(CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for \nX connections. A remote attacker could use this issue to bypass certain \naccess restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive \nauthentication. In a non-default configuration, a remote attacker could \npossibly use this issue to perform a brute-force password attack. \n(CVE-2015-5600)\n", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "ubuntu", "title": "OpenSSH regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600"], "modified": "2015-08-18T00:00:00", "id": "USN-2710-2", "href": "https://ubuntu.com/security/notices/USN-2710-2", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:20:57", "description": "[5.3p1-114]\n- CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (#1245969)\n[5.3p1-113]\n- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317816)", "cvss3": {}, "published": "2016-03-21T00:00:00", "type": "oraclelinux", "title": "openssh security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "modified": "2016-03-21T00:00:00", "id": "ELSA-2016-0466", "href": "http://linux.oracle.com/errata/ELSA-2016-0466.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-06-04T20:21:08", "description": "[4.3p2-82.0.2]\n- 
CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (John Haxby) [orabug 22985024]\n- CVE-2016-3115: missing sanitisation of input for X11 forwarding (John Haxby) [orabug 22985024]", "cvss3": {}, "published": "2016-04-03T00:00:00", "type": "oraclelinux", "title": "openssh security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "modified": "2016-04-03T00:00:00", "id": "ELSA-2016-3531", "href": "http://linux.oracle.com/errata/ELSA-2016-3531.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-06-04T20:21:15", "description": "[6.6.1p1-22]\n- Use the correct constant for glob limits (#1160377)\n[6.6.1p1-21]\n- Extend memory limit for remote glob in sftp acc. to stat limit (#1160377)\n[6.6.1p1-20]\n- Fix vulnerabilities published with openssh-7.0 (#1265807)\n - Privilege separation weakness related to PAM support\n - Use-after-free bug related to PAM support\n[6.6.1p1-19]\n- Increase limit of files for glob match in sftp to 8192 (#1160377)\n[6.6.1p1-18]\n- Add GSSAPIKexAlgorithms option for server and client application (#1253062)\n[6.6.1p1-17]\n- Security fixes released with openssh-6.9 (CVE-2015-5352) (#1247864)\n - XSECURITY restrictions bypass under certain conditions in ssh(1) (#1238231)\n - weakness of agent locking (ssh-add -x) to password guessing (#1238238)\n[6.6.1p1-16]\n- only query each keyboard-interactive device once (CVE-2015-5600) (#1245971)\n[6.6.1p1-15]\n- One more typo in manual page documenting TERM variable (#1162683)\n- Fix race condition with auditing messages answers (#1240613)\n[6.6.1p1-14]\n- Fix ldif schema to have correct spacing on newlines (#1184938)\n- Add missing values for sshd test mode (#1187597)\n- ssh-copy-id: tcsh doesnt work with multiline strings (#1201758)\n- Fix memory problems with newkeys and array transfers (#1223218)\n- Enhance AllowGroups documentation in man page (#1150007)\n[6.6.1p1-13]\n- Increase limit of 
files for glob match in sftp (#1160377)\n- Add pam_reauthorize.so to /etc/pam.d/sshd (#1204233)\n- Show all config values in sshd test mode (#1187597)\n- Document required selinux boolean for working ssh-ldap-helper (#1178116)\n- Consistent usage of pam_namespace in sshd (#1125110)\n- Fix auditing when using combination of ForcedCommand and PTY (#1199112)\n- Add sftp option to force mode of created files (#1197989)\n- Ability to specify an arbitrary LDAP filter in ldap.conf for ssh-ldap-helper (#1201753)\n- Provide documentation line for systemd service and socket (#1181591)\n- Provide LDIF version of LPK schema (#1184938)\n- Document TERM environment variable (#1162683)\n- Fix ssh-copy-id on non-sh remote shells (#1201758)\n- Do not read RSA1 hostkeys for HostBased authentication in FIPS (#1197666)", "cvss3": {}, "published": "2015-11-23T00:00:00", "type": "oraclelinux", "title": "openssh security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2015-11-23T00:00:00", "id": "ELSA-2015-2088", "href": "http://linux.oracle.com/errata/ELSA-2015-2088.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "centos": [{"lastseen": "2023-01-01T04:43:05", "description": "**CentOS Errata and Security Advisory** CESA-2016:0466\n\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.\nThese packages include the core files necessary for both the OpenSSH client\nand server.\n\nIt was discovered that the OpenSSH server did not sanitize data received\nin requests to enable X11 forwarding. An authenticated client with\nrestricted SSH access could possibly use this flaw to bypass intended\nrestrictions. (CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of\nkeyboard-interactive authentication methods for duplicates. 
A remote\nattacker could use this flaw to bypass the MaxAuthTries limit, making it\neasier to perform password guessing attacks. (CVE-2015-5600)\n\nAll openssh users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the OpenSSH server daemon (sshd) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-March/071220.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-clients\nopenssh-ldap\nopenssh-server\npam_ssh_agent_auth\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:0466", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.7}, "published": "2016-03-21T22:18:29", "type": "centos", "title": "openssh, pam_ssh_agent_auth security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "modified": "2016-03-21T22:18:29", "id": "CESA-2016:0466", "href": "https://lists.centos.org/pipermail/centos-announce/2016-March/071220.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": 
"2023-01-01T05:09:00", "description": "**CentOS Errata and Security Advisory** CESA-2015:2088\n\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver.\n\nA flaw was found in the way OpenSSH handled PAM authentication when using\nprivilege separation. An attacker with valid credentials on the system and\nable to fully compromise a non-privileged pre-authentication process using\na different flaw could use this flaw to authenticate as other users.\n(CVE-2015-6563)\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully\ncompromise a non-privileged pre-authentication process using a different\nflaw could possibly cause sshd to crash or execute arbitrary code with\nroot privileges. (CVE-2015-6564)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of\nkeyboard-interactive authentication methods for duplicates. A remote\nattacker could use this flaw to bypass the MaxAuthTries limit, making it\neasier to perform password guessing attacks. (CVE-2015-5600)\n\nIt was found that the OpenSSH ssh-agent, a program to hold private keys\nused for public key authentication, was vulnerable to password guessing\nattacks. An attacker able to connect to the agent could use this flaw to\nconduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)\n\nThis update fixes the following bugs:\n\n* Previously, the sshd_config(5) man page was misleading and could thus\nconfuse the user. This update improves the man page text to clearly\ndescribe the AllowGroups feature. (BZ#1150007)\n\n* The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low. Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). 
This update increases the aforementioned limit, thus fixing this bug. (BZ#1160377)\n\n* When the ForceCommand option with a pseudoterminal was used and the\nMaxSession option was set to \"2\", multiplexed SSH connections did not work\nas expected. After the user attempted to open a second multiplexed\nconnection, the attempt failed if the first connection was still open. This\nupdate modifies OpenSSH to issue only one audit message per session, and\nthe user is thus able to open two multiplexed connections in this\nsituation. (BZ#1199112)\n\n* The ssh-copy-id utility failed if the account on the remote server did\nnot use an sh-like shell. Remote commands have been modified to run in an\nsh-like shell, and ssh-copy-id now works also with non-sh-like shells.\n(BZ#1201758)\n\n* Due to a race condition between auditing messages and answers when using\nControlMaster multiplexing, one session in the shared connection randomly\nand unexpectedly exited the connection. This update fixes the race\ncondition in the auditing code, and multiplexing connections now work as\nexpected even with a number of sessions created at once. (BZ#1240613)\n\nIn addition, this update adds the following enhancements:\n\n* As not all Lightweight Directory Access Protocol (LDAP) servers possess\na default schema, as expected by the ssh-ldap-helper program, this update\nprovides the user with an ability to adjust the LDAP query to get public\nkeys from servers with a different schema, while the default functionality\nstays untouched. (BZ#1201753)\n\n* With this enhancement update, the administrator is able to set\npermissions for files uploaded using Secure File Transfer Protocol (SFTP).\n(BZ#1197989)\n\n* This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted\nby OpenLDAP. 
(BZ#1184938)\n\n* With this update, the user can selectively disable the Generic Security\nServices API (GSSAPI) key exchange algorithms as any normal key exchange.\n(BZ#1253062)\n\nUsers of openssh are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2015-November/022101.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-clients\nopenssh-keycat\nopenssh-ldap\nopenssh-server\nopenssh-server-sysvinit\npam_ssh_agent_auth\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:2088", "cvss3": {}, "published": "2015-11-30T19:46:33", "type": "centos", "title": "openssh, pam_ssh_agent_auth security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2015-11-30T19:46:33", "id": "CESA-2015:2088", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2015-November/022101.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "freebsd_advisory": [{"lastseen": "2023-01-09T15:24:39", "description": "\\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:16.openssh Security Advisory The FreeBSD Project Topic: OpenSSH multiple vulnerabilities Category: contrib Module: openssh Announced: 2015-07-28, revised on 2015-07-30 Affects: All supported versions of 
FreeBSD. Corrected: 2015-07-28 19:58:44 UTC (stable/10, 10.2-PRERELEASE) 2015-07-28 19:58:44 UTC (stable/10, 10.2-BETA2-p2) 2015-07-28 19:59:04 UTC (releng/10.2, 10.2-RC1-p1) 2015-07-28 19:59:11 UTC (releng/10.1, 10.1-RELEASE-p16) 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE) 2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21) 2015-07-30 10:09:07 UTC (stable/8, 8.4-STABLE) 2015-07-30 10:09:31 UTC (releng/8.4, 8.4-RELEASE-p36) CVE Name: CVE-2014-2653, CVE-2015-5600 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . 0\\. Revision history v1.0 2015-07-28 Initial release. v1.1 2015-07-30 Revised patch for FreeBSD 8.x to address regression when keyboard interactive authentication is used. v1.2 2015-07-30 Revised for typos. I. Background OpenSSH is an implementation of the SSH protocol suite, providing an encrypted and authenticated transport for a variety of services, including remote shell access. The security of the SSH connection relies on the server authenticating itself to the client as well as the user authenticating itself to the server. SSH servers use host keys to verify their identity. RFC 4255 has defined a method of verifying SSH host keys using Domain Name System Security (DNSSEC), by publishing the key fingerprint using DNS with an \"SSHFP\" resource record. RFC 6187 has defined methods to use a signature by a trusted certification authority to bind a given public key to a given digital identity with X.509v3 certificates. The PAM (Pluggable Authentication Modules) library provides a flexible framework for user authentication and session setup / teardown. OpenSSH uses PAM for password authentication by default. II. Problem Description OpenSSH clients do not correctly verify DNS SSHFP records when a server offers a certificate. 
[CVE-2014-2653] OpenSSH servers which are configured to allow password authentication using PAM (default) would allow many password attempts. III. Impact A malicious server may be able to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the host key fingerprint. This could allow a man-in-the-middle attack if the user does not carefully check the fingerprint. [CVE-2014-2653] A remote attacker may effectively bypass MaxAuthTries settings, which would enable them to brute force passwords. [CVE-2015-5600] IV. Workaround Systems that do not use OpenSSH are not affected. There is no workaround for CVE-2014-2653, but the problem only affects networks where DNSSEC and SSHFP are properly configured. Users who use SSH should always check server host key fingerprints carefully when prompted. System administrators can set: UsePAM no in their /etc/ssh/sshd_config and restart the sshd service to work around the problem described as CVE-2015-5600, at the expense of losing features provided by the PAM framework. We recommend that system administrators disable password based authentication completely, and use key based authentication exclusively in their SSH server configuration, when possible. This would eliminate the possibility of ever being exposed to a password brute-force attack. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. SSH service has to be restarted after the update. A reboot is recommended but not required. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install SSH service has to be restarted after the update. A reboot is recommended but not required. 
3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 9.3, 10.1, 10.2] # fetch https://security.FreeBSD.org/patches/SA-15:16/openssh.patch # fetch https://security.FreeBSD.org/patches/SA-15:16/openssh.patch.asc # gpg --verify openssh.patch.asc [FreeBSD 8.4] # fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8.patch # fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8.patch.asc # gpg --verify openssh-8.patch.asc # fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patch # fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patch.asc # gpg --verify openssh-8-errata.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the SSH service, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision \\- ------------------------------------------------------------------------- stable/8/ r286067 releng/8.4/ r286068 stable/9/ r285977 releng/9.3/ r285980 stable/10/ r285976 releng/10.1/ r285979 releng/10.2/ r285978 \\- ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. 
References The latest revision of this advisory is available at \n", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "freebsd_advisory", "title": "\nFreeBSD-SA-15:16.openssh", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2653", "CVE-2015-5600"], "modified": "2015-07-28T00:00:00", "id": "FREEBSD_ADVISORY:FREEBSD-SA-15:16.OPENSSH", "href": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:16.openssh.asc", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-19T18:41:01", "description": "OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.\nThese packages include the core files necessary for both the 
OpenSSH client\nand server.\n\nIt was discovered that the OpenSSH server did not sanitize data received\nin requests to enable X11 forwarding. An authenticated client with\nrestricted SSH access could possibly use this flaw to bypass intended\nrestrictions. (CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of\nkeyboard-interactive authentication methods for duplicates. A remote\nattacker could use this flaw to bypass the MaxAuthTries limit, making it\neasier to perform password guessing attacks. (CVE-2015-5600)\n\nAll openssh users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the OpenSSH server daemon (sshd) will be restarted automatically.\n", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-03-21T00:00:00", "type": "redhat", "title": "(RHSA-2016:0466) Moderate: openssh security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "modified": "2018-06-06T16:24:20", "id": "RHSA-2016:0466", "href": "https://access.redhat.com/errata/RHSA-2016:0466", "cvss": 
{"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-10-21T04:42:07", "description": "OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver.\n\nA flaw was found in the way OpenSSH handled PAM authentication when using\nprivilege separation. An attacker with valid credentials on the system and\nable to fully compromise a non-privileged pre-authentication process using\na different flaw could use this flaw to authenticate as other users.\n(CVE-2015-6563)\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully\ncompromise a non-privileged pre-authentication process using a different\nflaw could possibly cause sshd to crash or execute arbitrary code with\nroot privileges. (CVE-2015-6564)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of\nkeyboard-interactive authentication methods for duplicates. A remote\nattacker could use this flaw to bypass the MaxAuthTries limit, making it\neasier to perform password guessing attacks. (CVE-2015-5600)\n\nIt was found that the OpenSSH ssh-agent, a program to hold private keys\nused for public key authentication, was vulnerable to password guessing\nattacks. An attacker able to connect to the agent could use this flaw to\nconduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)\n\nThis update fixes the following bugs:\n\n* Previously, the sshd_config(5) man page was misleading and could thus\nconfuse the user. This update improves the man page text to clearly\ndescribe the AllowGroups feature. (BZ#1150007)\n\n* The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low. 
Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug. (BZ#1160377)\n\n* When the ForceCommand option with a pseudoterminal was used and the\nMaxSession option was set to \"2\", multiplexed SSH connections did not work\nas expected. After the user attempted to open a second multiplexed\nconnection, the attempt failed if the first connection was still open. This\nupdate modifies OpenSSH to issue only one audit message per session, and\nthe user is thus able to open two multiplexed connections in this\nsituation. (BZ#1199112)\n\n* The ssh-copy-id utility failed if the account on the remote server did\nnot use an sh-like shell. Remote commands have been modified to run in an\nsh-like shell, and ssh-copy-id now works also with non-sh-like shells.\n(BZ#1201758)\n\n* Due to a race condition between auditing messages and answers when using\nControlMaster multiplexing, one session in the shared connection randomly\nand unexpectedly exited the connection. This update fixes the race\ncondition in the auditing code, and multiplexing connections now work as\nexpected even with a number of sessions created at once. (BZ#1240613)\n\nIn addition, this update adds the following enhancements:\n\n* As not all Lightweight Directory Access Protocol (LDAP) servers possess\na default schema, as expected by the ssh-ldap-helper program, this update\nprovides the user with an ability to adjust the LDAP query to get public\nkeys from servers with a different schema, while the default functionality\nstays untouched. 
(BZ#1201753)\n\n* With this enhancement update, the administrator is able to set\npermissions for files uploaded using Secure File Transfer Protocol (SFTP).\n(BZ#1197989)\n\n* This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted\nby OpenLDAP. (BZ#1184938)\n\n* With this update, the user can selectively disable the Generic Security\nServices API (GSSAPI) key exchange algorithms as any normal key exchange.\n(BZ#1253062)\n\nUsers of openssh are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.", "cvss3": {}, "published": "2015-11-19T14:41:38", "type": "redhat", "title": "(RHSA-2015:2088) Moderate: openssh security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2018-04-11T23:33:04", "id": "RHSA-2015:2088", "href": "https://access.redhat.com/errata/RHSA-2015:2088", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "amazon": [{"lastseen": "2023-02-08T17:19:50", "description": "**Issue Overview:**\n\nA flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. 
An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. \n\n\n \n**Affected Packages:** \n\n\nopenssh\n\n \n**Issue Correction:** \nRun _yum update openssh_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 openssh-6.6.1p1-22.58.amzn1.i686 \n \u00a0\u00a0\u00a0 openssh-server-6.6.1p1-22.58.amzn1.i686 \n \u00a0\u00a0\u00a0 pam_ssh_agent_auth-0.9.3-9.22.58.amzn1.i686 \n \u00a0\u00a0\u00a0 openssh-keycat-6.6.1p1-22.58.amzn1.i686 \n \u00a0\u00a0\u00a0 openssh-ldap-6.6.1p1-22.58.amzn1.i686 \n \u00a0\u00a0\u00a0 openssh-debuginfo-6.6.1p1-22.58.amzn1.i686 \n \u00a0\u00a0\u00a0 openssh-clients-6.6.1p1-22.58.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 openssh-6.6.1p1-22.58.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 openssh-6.6.1p1-22.58.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssh-clients-6.6.1p1-22.58.amzn1.x86_64 \n \u00a0\u00a0\u00a0 pam_ssh_agent_auth-0.9.3-9.22.58.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssh-server-6.6.1p1-22.58.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssh-debuginfo-6.6.1p1-22.58.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssh-keycat-6.6.1p1-22.58.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssh-ldap-6.6.1p1-22.58.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-5600](<https://access.redhat.com/security/cve/CVE-2015-5600>), 
[CVE-2015-6563](<https://access.redhat.com/security/cve/CVE-2015-6563>), [CVE-2015-6564](<https://access.redhat.com/security/cve/CVE-2015-6564>)\n\nMitre: [CVE-2015-5600](<https://vulners.com/cve/CVE-2015-5600>), [CVE-2015-6563](<https://vulners.com/cve/CVE-2015-6563>), [CVE-2015-6564](<https://vulners.com/cve/CVE-2015-6564>)\n", "cvss3": {}, "published": "2015-12-14T10:00:00", "type": "amazon", "title": "Medium: openssh", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "modified": "2015-12-13T14:24:00", "id": "ALAS-2015-625", "href": "https://alas.aws.amazon.com/ALAS-2015-625.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:06:47", "description": "### Background\n\nOpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll openssh users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/openssh-7.1_p1-r2\"", "cvss3": {}, "published": "2015-12-20T00:00:00", "type": "gentoo", "title": "OpenSSH: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-6565"], "modified": "2015-12-21T00:00:00", "id": "GLSA-201512-04", "href": "https://security.gentoo.org/glsa/201512-04", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:22:46", "description": "openssh was updated to fix several security issues and bugs.\n\n These security issues were fixed:\n * CVE-2015-5352: The x11_open_helper function in channels.c in ssh in\n OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the\n refusal deadline for X connections, which made it easier for remote\n attackers to bypass intended access restrictions via a connection outside\n of the permitted time window (bsc#936695).\n * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd\n in OpenSSH did not properly restrict the processing of\n keyboard-interactive devices within a single connection, which made it\n easier for remote attackers to conduct brute-force attacks or cause a\n denial of service (CPU consumption) via a long and duplicative list in\n the ssh 
-oKbdInteractiveDevices option, as demonstrated by a modified\n client that provides a different password for each pam element on this\n list (bsc#938746).\n * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM\n (bsc#932483).\n * Hardening patch to fix sftp RCE (bsc#903649).\n * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted\n extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which\n allowed local users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd uid to send a\n crafted MONITOR_REQ_PWNAM request, related to monitor.c and\n monitor_wrap.c.\n * CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might\n have allowed local users to gain privileges by leveraging control of the\n sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\n These non-security issues were fixed:\n - bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential\n for oom_killer.\n - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to\n WebSphere mqm user.\n - bsc#916549: Fixed support for aesXXX-gcm@xxxxxxxxxxx.\n\n", "cvss3": {}, "published": "2015-09-21T09:10:02", "type": "suse", "title": "Security update for openssh (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5600", "CVE-2015-4000", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6563"], "modified": "2015-09-21T09:10:02", "id": "SUSE-SU-2015:1581-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2021-11-07T10:51:00", "description": "### SUMMARY\n\nBlue Coat products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. 
An attacker, with access to the management interface, may exploit these vulnerabilities to conduct brute-force password guessing attacks, bypass access restrictions, log in as a different user, achieve privilege escalation, execute arbitrary code, and force SSH clients to skip security checks. The attacker can also cause denial of service due to memory corruption and illegal memory accesses. \n \n\n\n### AFFECTED PRODUCTS\n\nThe following products are vulnerable:\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 \nCVE-2014-2653 | 6.6 | Upgrade to 6.6.3.1. \nCVE-2014-2532 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.3.1. \nCVE-2015-5600, CVE-2015-6563, \nCVE-2015-6564 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.5.1. \n \n \n\n**Content Analysis System (CAS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 \nCVE-2014-2532, CVE-2014-2653 | 1.3 | Upgrade to 1.3.6.1. \n1.1, 1.2 | Upgrade to later release with fixes. \nCVE-2015-6563, CVE-2015-6564 | 1.3 | Upgrade to 1.3.7.1. \n1.1, 1.2 | Upgrade to later release with fixes. \nCVE-2015-5352, CVE-2015-5600 | 1.3 (not vulnerable to known vectors of attack) | Upgrade to 1.3.7.1. \n1.1, 1.2 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532, CVE-2014-2653, \nCVE-2015-5600, CVE-2015-6563, \nCVE-2015-6564 | 6.1 | Upgrade to 6.1.22.1. \n \n \n\n**Mail Threat Defense (MTD)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-6563, CVE-2015-6564 | 1.1 | Not available at this time \nCVE-2015-5600 | 1.1 (not vulnerable to known vectors of attack) | Upgrade to 1.1.2.1. 
\nCVE-2015-5352 | 1.1 (not vulnerable to known vectors of attack) | Not available at this time \n \n \n\n**Malware Analysis Appliance (MAA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532, CVE-2014-2653, \nCVE-2015-5600, CVE-2015-6563, \nCVE-2015-6564 | 4.2 | Upgrade to 4.2.8. \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532, CVE-2014-2653 | 1.5 and later | Not vulnerable, fixed in 1.5.1.1 \n1.4 | Upgrade to later release with fixes. \nCVE-2015-6563, CVE-2015-6564 | 1.6 and later | Not vulnerable, fixed in 1.6.1.1 \n1.4, 1.5 | Upgrade to later release with fixes. \n \n \n\n**Norman Shark Industrial Control System Protection (ICSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5352, CVE-2015-5600, \nCVE-2015-6563, CVE-2015-6564 | 5.4 | Not vulnerable, fixed in 5.4.1 \n5.3 | Upgrade to 5.3.6. \n \n \n\n**Norman Shark Network Protection (NNP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5352, CVE-2015-5600, \nCVE-2015-6563, CVE-2015-6564 | 5.3 | Upgrade to 5.3.6. \n \n \n\n**Norman Shark SCADA Protection (NSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5352, CVE-2015-5600, \nCVE-2015-6563, CVE-2015-6564 | 5.3 | Upgrade to 5.3.6. \n \n \n\n**PacketShaper (PS) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 11.6 and later | Not vulnerable, fixed in 11.6.1.1 \nCVE-2014-2532, CVE-2015-5600 | 11.5 | Upgrade to 11.5.2.1. \n11.2, 11.3, 11.4 | Upgrade to later release with fixes. \nCVE-2015-6563, CVE-2015-6564 | 11.5 | Upgrade to 11.5.3.2. \n11.2, 11.3, 11.4 | Upgrade to later release with fixes. \n \n \n\n**PolicyCenter (PC) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-6563, CVE-2015-6564 | 1.1 | Upgrade to 1.1.2.2. 
\n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532, CVE-2014-2653 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.3.1. \nCVE-2014-9278 | 10.1 and later | Not vulnerable \nCVE-2015-5352, CVE-2015-5600 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.4.2. \nCVE-2015-6563, CVE-2015-6564 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 | Upgrade to 10.1.4.2. \nAll CVEs | 9.4, 9.5 | Not vulnerable \n \n \n\n**Security Analytics (SA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532 | 7.2 and later | Not vulnerable, fixed in 7.2.1 \n7.1 | Upgrade to 7.1.11. \n7.0 | Upgrade to later release with fixes. \n6.6 | Upgrade to 6.6.12. \nCVE-2014-2653, \nCVE-2015-5600, CVE-2015-6563, \nCVE-2015-6564 | 7.2 and later | Not vulnerable, fixed in 7.2.1 \n7.1 | Upgrade to 7.1.11. \n7.0 | Upgrade to later release with fixes. \n6.6 | Upgrade to 6.6.12. \nCVE-2015-5352 | 7.2 and later | Not vulnerable, fixed in 7.2.1 \n7.1 (not vulnerable to known vectors of attack) | Apply patch RPM available from customer support. \n7.0 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. \n6.6 (not vulnerable to known vectors of attack) | Apply patch RPM available from customer support. \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-6563, CVE-2015-6564 | 3.10 and later | Fixed in 3.10.1.1 \n3.9 | Upgrade to 3.9.3.6. \n3.8.4FC | Upgrade to 3.8.4FC-55. \n3.8 | Upgrade to later release with fixes. 
\n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532, CVE-2014-2653, \nCVE-2015-5600, CVE-2015-6563, \nCVE-2015-6564 | 11.0 | Not available at this time \n10.0 | Not available at this time \n9.7 | Not available at this time \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nIn SSL Visibility, the OpenSSH vulnerabilities can be exploited only through the product's management interfaces (web UI, CLD). Limiting the machines, IP addresses and subnets able to reach this physical network port reduces the threat. This reduces the CVSS v2 scores for multiple CVEs. The adjusted CVSS v2 base scores and severity are:\n\n * CVE-2014-2532 - 4.3 (MEDIUM) (AV:A/AC:M/Au:N/C:P/I:P/A:N)\n * CVE-2014-2653 - 4.3 (MEDIUM) (AV:A/AC:M/Au:N/C:P/I:P/A:N)\n * CVE-2015-5352 - 2.9 (LOW) (AV:A/AC:M/Au:N/C:N/I:P/A:N)\n * CVE-2015-5600 - 6.8 (MEDIUM) (AV:A/AC:L/Au:N/C:P/I:N/A:C)\n\nBlue Coat products do not enable or use all functionality within OpenSSH. Products that do not utilize or enable the functionality described in a CVE are not vulnerable to that CVE. However, fixes for those CVEs will be included in the patches that are provided. 
The following products include vulnerable versions of OpenSSH, but do not use the functionality described in the CVEs and are not known to be vulnerable.\n\n * **ASG:** CVE-2014-2532, CVE-2015-5600, CVE-2015-6563, and CVE-2015-6564\n * **CAS:** CVE-2015-5352 and CVE-2015-5600\n * **Director:** CVE-2015-5352\n * **MAA:** CVE-2015-5352\n * **MTD:** CVE-2015-5352 and CVE-2015-5600\n * **MC:** CVE-2015-5352 and CVE-2015-5600\n * **PS S-Series:** CVE-2014-2653 and CVE-2015-5352\n * **PC S-Series:** CVE-2015-5352\n * **Reporter 10.1:** CVE-2014-2532, CVE-2014-2653, CVE-2015-5352, and CVE-2015-5600\n * **Security Analytics:** CVE-2015-5352\n * **SSLV:** CVE-2014-2653, CVE-2015-5352, and CVE-2015-5600\n * **XOS:** CVE-2015-5352\n\nThe following products are not vulnerable: \n**Android Mobile Agent \nAuthConnector \nBCAAA \nBlue Coat HSM Agent for the Luna SP \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nIntelligenceCenter \nIntelligenceCenter Data Collector \nK9 \nPacketShaper \nPolicyCenter \nProxyAV \nProxyAV ConLog and ConLogXP \nProxyClient \nProxySG \nUnified Agent \nWeb Isolation**\n\nBlue Coat no longer provides vulnerability information for the following products:\n\n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP. 
\n \n\n\n### ISSUES\n\n**CVE-2014-1692** \n--- \n**Severity / CVSSv2** | High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 65230](<https://www.securityfocus.com/bid/65230>) / NVD: [CVE-2014-1692](<https://nvd.nist.gov/vuln/detail/CVE-2014-1692>) \n**Impact** | Denial of service, unspecified other impact \n**Description** | A flaw allows an attacker to cause memory corruption, resulting in a denial of service or unspecified other impact. \n \n \n\n**CVE-2014-2532** \n--- \n**Severity / CVSSv2** | Medium / 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n**References** | SecurityFocus: [BID 66355](<https://www.securityfocus.com/bid/66355>) / NVD: [CVE-2014-2532](<https://nvd.nist.gov/vuln/detail/CVE-2014-2532>) \n**Impact** | Security control bypass \n**Description** | A flaw allows an attacker to pass environment variables to a server SSH session and bypass intended environment variable restrictions. \n \n \n\n**CVE-2014-2653** \n--- \n**Severity / CVSSv2** | Medium / 5.8 (AV:N/AC:M/A