nessus Tenable 9507.PRM
History: Aug 12, 2016 - 12:00 a.m.

OpenSSH 7.x < 7.3 Multiple Vulnerabilities

2016-08-12 00:00:00
Tenable
www.tenable.com

The current version of OpenSSH is 7.x prior to 7.3 and is affected by the following vulnerabilities:

  • A flaw in the ‘do_setup_env()’ function in ‘session.c’ is triggered when handling user-supplied environment variables. This may allow a local attacker to gain elevated privileges.
  • A flaw exists due to the program returning shorter response times for authentication requests with overly long passwords for invalid users than for valid users. This may allow a remote attacker to conduct a timing attack and enumerate valid usernames.
  • A flaw in the ‘crypt(3)’ function via ‘sshd(8)’ is triggered during the handling of overly long passwords. This may allow a remote attacker to consume excessive CPU resources.
  • An unspecified flaw in the ‘CBC’ padding oracle countermeasures in ‘ssh(1)’ and ‘sshd(8)’, which may allow an attacker to conduct a timing attack. No further details have been provided.
  • A flaw in ‘ssh(1)’ and ‘sshd(8)’ is due to improper ordering of operations in MAC verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms: the MAC is not verified before any ciphertext is decrypted. This may allow a remote attacker to use a timing attack to gain unauthorized access to potentially sensitive information.
  • A flaw exists in the ‘crypt(3)’ function, accessed via ‘sshd(8)’, that is triggered during the handling of overly long passwords. This may allow a remote attacker to affect the consumption of CPU resources.
  • An unspecified timing flaw exists in the CBC padding oracle countermeasures in ‘ssh(1)’ and ‘sshd(8)’. This may allow a remote attacker to gain access to potentially sensitive information.

Vendor  | Product | Version | CPE
openbsd | openssh |         | cpe:/a:openbsd:openssh