Vulners
Lucene search
MiracleLinux 7 : openssh-6.6.1p1-22.el7 (AXSA:2015-787:01)
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2015-787:01.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(289909);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");
script_cve_id("CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564");
script_name(english:"MiracleLinux 7 : openssh-6.6.1p1-22.el7 (AXSA:2015-787:01)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2015-787:01 advisory.
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
Security issues fixed with this release:
CVE-2015-5600
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH
through 6.9 does not properly restrict the processing of
keyboard-interactive devices within a single connection, which makes
it easier for remote attackers to conduct brute-force attacks or cause
a denial of service (CPU consumption) via a long and duplicative list
in the ssh -oKbdInteractiveDevices option, as demonstrated by a
modified client that provides a different password for each pam
element on this list.
CVE-2015-6563
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD
platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX
requests, which allows local users to conduct impersonation attacks by
leveraging any SSH login access in conjunction with control of the
sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to
monitor.c and monitor_wrap.c.
CVE-2015-6564
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in
monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might
allow local users to gain privileges by leveraging control of the sshd
uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
Fixed bugs:
* Previously, the sshd_config(5) man page was misleading and could thus confuse the user. This update
improves the man page text to clearly describe the AllowGroups feature.
* The limit for the function for restricting the number of files listed using the wildcard character (*)
that prevents the Denial of Service (DoS) for both server and client was previously set too low.
Consequently, the user reaching the limit was prevented from listing a directory with a large number of
files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus
fixing this bug.
* When the ForceCommand option with a pseudoterminal was used and the MaxSession option was set to 2,
multiplexed SSH connections did not work as expected. After the user attempted to open a second
multiplexed connection, the attempt failed if the first connection was still open. This update modifies
OpenSSH to issue only one audit message per session, and the user is thus able to open two multiplexed
connections in this situation.
* The ssh-copy-id utility failed if the account on the remote server did not use an sh-like shell. Remote
commands have been modified to run in an sh-like shell, and ssh-copy-id now works also with non-sh-like
shells.
* Due to a race condition between auditing messages and answers when using ControlMaster multiplexing, one
session in the shared connection randomly and unexpectedly exited the connection. This update fixes the
race condition in the auditing code, and multiplexing connections now work as expected even with a number
of sessions created at once.
Enhancements:
* As not all Lightweight Directory Access Protocol (LDAP) servers possess a default schema, as expected by
the ssh-ldap-helper program, this update provides the user with an ability to adjust the LDAP query to get
public keys from servers with a different schema, while the default functionality stays untouched.
* With this enhancement update, the administrator is able to set permissions for files uploaded using
Secure File Transfer Protocol (SFTP).
* This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to
the old schema previously accepted by OpenLDAP.
* With this update, the user can selectively disable the Generic Security Services API (GSSAPI) key
exchange algorithms as any normal key exchange.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/6174");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5600");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/22");
script_set_attribute(attribute:"patch_publication_date", value:"2015/11/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:openssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:openssh-askpass");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:openssh-clients");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:openssh-keycat");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:openssh-server");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^7([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 7.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '7',
'pkgs': [
{'reference':'openssh-6.6.1p1-22.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE},
{'reference':'openssh-askpass-6.6.1p1-22.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE},
{'reference':'openssh-clients-6.6.1p1-22.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE},
{'reference':'openssh-keycat-6.6.1p1-22.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE},
{'reference':'openssh-server-6.6.1p1-22.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass / openssh-clients / openssh-keycat / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Jan 2026 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 28.5
CVSS 3.18.1
EPSS0.74862
SSVC