ID: USN-2710-1
Type: ubuntu
Reporter: Ubuntu
Modified: 2015-08-14T00:00:00

Description
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when
using PAM authentication. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)

Moritz Jodeit discovered that OpenSSH incorrectly handled context memory
when using PAM authentication. If an additional vulnerability were
discovered in the OpenSSH unprivileged child process, this issue could
allow a remote attacker to bypass authentication or possibly execute
arbitrary code. (CVE number pending)

Jann Horn discovered that OpenSSH incorrectly handled time windows for
X connections. A remote attacker could use this issue to bypass certain
access restrictions. (CVE-2015-5352)

It was discovered that OpenSSH incorrectly handled keyboard-interactive
authentication. In a non-default configuration, a remote attacker could
possibly use this issue to perform a brute-force password attack.
(CVE-2015-5600)

{"id": "USN-2710-1", "bulletinFamily": "unix", "title": "OpenSSH vulnerabilities", "description": "Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when \nusing PAM authentication. If an additional vulnerability were discovered in \nthe OpenSSH unprivileged child process, this issue could allow a remote \nattacker to perform user impersonation. (CVE number pending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory \nwhen using PAM authentication. If an additional vulnerability were \ndiscovered in the OpenSSH unprivileged child process, this issue could \nallow a remote attacker to bypass authentication or possibly execute \narbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for \nX connections. A remote attacker could use this issue to bypass certain \naccess restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive \nauthentication. In a non-default configuration, a remote attacker could \npossibly use this issue to perform a brute-force password attack. 
\n(CVE-2015-5600)", "published": "2015-08-14T00:00:00", "modified": "2015-08-14T00:00:00", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}, "href": "https://ubuntu.com/security/notices/USN-2710-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5352", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5600"], "cvelist": ["CVE-2015-5600", "CVE-2015-5352"], "type": "ubuntu", "lastseen": "2020-07-02T11:40:43", "edition": 5, "viewCount": 39, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5600", "CVE-2015-5352"]}, {"type": "f5", "idList": ["SOL17461", "F5:K17461", "SOL17113", "F5:K17113"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310869826", "OPENVAS:1361412562310806049", "OPENVAS:1361412562310120114", "OPENVAS:1361412562310130107", "OPENVAS:1361412562310842409", "OPENVAS:1361412562310842418", "OPENVAS:1361412562310121426", "OPENVAS:1361412562310130083", "OPENVAS:1361412562310105317", "OPENVAS:1361412562310869736"]}, {"type": "debian", "idList": ["DEBIAN:DLA-288-2:68C70", "DEBIAN:DLA-1500-1:E6BD7", "DEBIAN:DLA-288-1:36C61"]}, {"type": "nessus", "idList": ["SUSE_SU-2015-1544-1.NASL", "SUSE_SU-2015-1695-1.NASL", "SUSE_SU-2015-1581-1.NASL", "UBUNTU_USN-2710-1.NASL", "UBUNTU_USN-2710-2.NASL", "SUSE_SU-2015-1840-1.NASL", "SUSE_SU-2015-1547-2.NASL", "OPENSSH_69.NASL", "GENTOO_GLSA-201512-04.NASL", "SUSE_SU-2015-1547-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-2710-2"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-3531", "ELSA-2015-2088", "ELSA-2016-0466"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1581-1"]}, {"type": "gentoo", "idList": ["GLSA-201512-04"]}, {"type": "fedora", "idList": ["FEDORA:146EF61A1014", "FEDORA:0F42760C37F8", "FEDORA:0429D60C85D7", "FEDORA:27BE8609204C", "FEDORA:2E88760877A1", "FEDORA:7B66961B84A2", "FEDORA:5CE3E6118DC1"]}, {"type": "archlinux", "idList": ["ASA-201507-4", "ASA-201507-17"]}, {"type": "amazon", "idList": 
["ALAS-2015-568", "ALAS-2015-625"]}, {"type": "aix", "idList": ["OPENSSH_ADVISORY5.ASC"]}, {"type": "freebsd", "idList": ["5B74A5BC-348F-11E5-BA05-C80AA9043978"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14614", "SECURITYVULNS:DOC:32378"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:28883491CAD3C04ED61F2AE814DD1633"]}, {"type": "centos", "idList": ["CESA-2015:2088", "CESA-2016:0741", "CESA-2016:0466"]}, {"type": "redhat", "idList": ["RHSA-2015:2088", "RHSA-2016:0741", "RHSA-2016:0466"]}, {"type": "symantec", "idList": ["SMNTC-1337"]}], "modified": "2020-07-02T11:40:43", "rev": 2}, "score": {"value": 8.2, "vector": "NONE", "modified": "2020-07-02T11:40:43", "rev": 2}, "vulnersScore": 8.2}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "15.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "openssh-server", "packageVersion": "1:6.7p1-5ubuntu1.2"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "openssh-server", "packageVersion": "1:6.6p1-2ubuntu2.2"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "openssh-server", "packageVersion": "1:5.9p1-5ubuntu1.6"}], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T20:03:05", "description": "The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.", "edition": 5, "cvss3": {}, "published": "2015-08-03T01:59:00", "title": "CVE-2015-5352", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5352"], "modified": "2018-10-24T10:29:00", "cpe": ["cpe:/a:openbsd:openssh:6.8"], "id": "CVE-2015-5352", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5352", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:05", "description": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.", "edition": 5, "cvss3": {}, "published": "2015-08-03T01:59:00", "title": "CVE-2015-5600", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": 
"NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600"], "modified": "2018-09-11T10:29:00", "cpe": ["cpe:/a:openbsd:openssh:6.9"], "id": "CVE-2015-5600", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5600", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:40:34", "bulletinFamily": "software", "cvelist": ["CVE-2015-5352"], "description": "\nF5 Product Development has assigned ID 545718 and ID 690762 (BIG-IP), 545751 (BIG-IQ), 545752 (Enterprise Manager), and 431179 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17461 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.2**1** \n11.0.0 - 11.6.3**1** \n10.1.0 - 10.2.4**1** | 13.0.0 \n12.1.3 | Low | OpenSSH \nBIG-IP AAM | 12.0.0 - 12.1.2**1** \n11.4.0 - 11.6.3**1** | 13.0.0 \n12.1.3 | Low | OpenSSH \nBIG-IP AFM | 12.0.0 - 12.1.2**1** \n11.3.0 - 11.6.3**1** | 13.0.0 \n12.1.3 | Low | OpenSSH \nBIG-IP Analytics | 12.0.0 - 12.1.2**1** \n11.0.0 - 11.6.3**1** | 13.0.0 \n12.1.3 | Low | OpenSSH \nBIG-IP APM | 12.0.0 - 12.1.2**1** \n11.0.0 - 11.6.3**1** \n10.1.0 - 10.2.4**1** | 13.0.0 \n12.1.3 | Low | OpenSSH \nBIG-IP ASM | 12.0.0 - 12.1.2**1** \n11.0.0 - 11.6.3**1** \n10.1.0 - 10.2.4**1** | 13.0.0 \n12.1.3 | Low | OpenSSH \nBIG-IP DNS | 12.0.0 - 12.1.2**1** | 13.0.0 \n12.1.3 | Low | OpenSSH \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0**1** \n10.1.0 - 10.2.4**1** | None | Low | OpenSSH \nBIG-IP GTM | 11.0.0 - 11.6.3**1** \n10.1.0 - 10.2.4**1** | None | Low | OpenSSH \nBIG-IP Link Controller | 12.0.0 - 12.1.2**1** \n11.0.0 - 11.6.3**1** \n10.1.0 - 10.2.4**1** | 13.0.0 \n12.1.3 | Low | OpenSSH \nBIG-IP PEM | 12.0.0 - 12.1.2**1** \n11.3.0 - 11.6.3**1** | 13.0.0 \n12.1.3 | Low | OpenSSH \nBIG-IP PSM | 11.0.0 - 11.4.1**1** \n10.1.0 - 10.2.4**1** | None | Low | OpenSSH \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0**1** \n10.1.0 - 10.2.4**1** | None | Low | OpenSSH \nBIG-IP WOM | 11.0.0 - 11.3.0**1** \n10.1.0 - 10.2.4**1** | None | Low | OpenSSH \nARX | 6.0.0 - 6.4.0 | None | Low | OpenSSH \nEnterprise Manager | 3.0.0 - 3.1.1**1** 
| None | Low | OpenSSH \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0**1** | None | Low | OpenSSH \nBIG-IQ Device | 4.2.0 - 4.5.0**1** | None | Low | OpenSSH \nBIG-IQ Security | 4.0.0 - 4.5.0**1** | None | Low | OpenSSH \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSH \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\n**1**By default, the vulnerable code is not enabled and is not used by the affected BIG-IP, BIG-IQ, and Enterprise Manager versions. In a standard/default configuration, the vulnerability is not exposed. \n\n\nIf you are running a version listed in the** Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. 
The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2018-11-29T19:45:00", "published": "2015-10-28T22:06:00", "id": "F5:K17461", "href": "https://support.f5.com/csp/article/K17461", "title": "OpenSSH vulnerability CVE-2015-5352", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-04-06T22:40:05", "bulletinFamily": "software", "cvelist": ["CVE-2015-5600"], "description": "\nF5 Product Development has assigned ID 534633 (BIG-IP), ID 535886 (BIG-IQ), ID 535889 (Enterprise Manager), and LRS-59845 (LineRate), to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4 | 14.0.0 \n13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n12.0.0 HF3 \n11.6.1 - 11.6.3 \n11.5.4 - 11.5.7 | Medium | sshd \nBIG-IP AAM | 12.0.0 \n11.6.0 \n11.4.0 - 11.5.3 | 
14.0.0 \n13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n12.0.0 HF3 \n11.6.1 - 11.6.3 \n11.5.4 - 11.5.7 | Medium | sshd \nBIG-IP AFM | 12.0.0 \n11.6.0 \n11.3.0 - 11.5.3 | 14.0.0 \n13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n12.0.0 HF3 \n11.6.1 - 11.6.3 \n11.5.4 - 11.5.7 | Medium | sshd \nBIG-IP Analytics | 12.0.0 \n11.6.0 \n11.0.0 - 11.5.3 | 14.0.0 \n13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n12.0.0 HF3 \n11.6.1 - 11.6.3 \n11.5.4 - 11.5.7 | Medium | sshd \nBIG-IP APM | 12.0.0 \n11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4 | 14.0.0 \n13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n12.0.0 HF3 \n11.6.1 - 11.6.3 \n11.5.4 - 11.5.7 | Medium | sshd \nBIG-IP ASM | 12.0.0 \n11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4 | 14.0.0 \n13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n12.0.0 HF3 \n11.6.1 - 11.6.3 \n11.5.4 - 11.5.7 | Medium | sshd \nBIG-IP DNS | 12.0.0 | 14.0.0 \n13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n12.0.0 HF3 | Medium | sshd \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium | sshd \nBIG-IP GTM | 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4 | 11.6.1 - 11.6.3 \n11.5.4 - 11.5.7 | Medium | sshd \nBIG-IP Link Controller | 12.0.0 \n11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4 | 14.0.0 \n13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n12.0.0 HF3 \n11.6.1 - 11.6.3 \n11.5.4 - 11.5.7 | Medium | sshd \nBIG-IP PEM | 12.0.0 \n11.6.0 \n11.3.0 - 11.5.3 | 14.0.0 \n13.0.0 - 13.1.1 \n12.1.0 - 12.1.3 \n12.0.0 HF3 \n11.6.1 - 11.6.3 \n11.5.4 - 11.5.7 | Medium | sshd \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Medium | sshd \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium | sshd \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium | sshd \nEnterprise Manager | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | None | Medium | sshd \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | sshd \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | sshd \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | sshd \nBIG-IQ ADC | 4.5.0 | None | Medium | sshd 
\nBIG-IQ Centralized Management | 5.0.0 - 5.1.0 \n4.6.0 | 6.0.0 - 6.0.1 \n5.2.0 - 5.4.0 | Medium | sshd \nLineRate | 2.5.0 - 2.6.1 | None | High | sshd \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 13.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>). In addition, secure the BIG-IP system from unwanted connection attempts by controlling the level of access to each self IP address defined on the system. 
For more information, refer to [K13250: Overview of port lockdown behavior (10.x - 11.x)](<https://support.f5.com/csp/article/K13250>).\n\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K17329: BIG-IP GTM name has changed to BIG-IP DNS](<https://support.f5.com/csp/article/K17329>)\n * [K11719: Mitigating risk from SSH brute force login attacks](<https://support.f5.com/csp/article/K11719>)\n", "edition": 1, "modified": "2018-09-21T23:59:00", "published": "2015-08-14T20:16:00", "id": "F5:K17113", "href": "https://support.f5.com/csp/article/K17113", "title": "OpenSSH vulnerability CVE-2015-5600", "type": "f5", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2016-09-26T17:23:27", "bulletinFamily": "software", "cvelist": ["CVE-2015-5352"], "edition": 1, "description": "Recommended Action\n\n**1**By default, the vulnerable code is not enabled and is not used by the affected BIG-IP, BIG-IQ, and Enterprise Manager versions. In a standard/default configuration, the vulnerability is not exposed. \n\n\nIf you are running a version listed in the** Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-10-28T00:00:00", "published": "2015-10-28T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/400/sol17461.html", "id": "SOL17461", "title": "SOL17461 - OpenSSH vulnerability CVE-2015-5352", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:13", "bulletinFamily": "software", "cvelist": ["CVE-2015-5600"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. \n \nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. 
The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system. In addition, secure the BIG-IP system from unwanted connection attempts by controlling the level of access to each self IP address defined on the system. For more information, refer to SOL13250: Overview of port lockdown behavior (10.x - 11.x).\n\nSupplemental Information\n\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL17329: BIG-IP GTM name has changed to BIG-IP DNS\n * SOL11719: Mitigating risk from SSH brute force login attacks\n", "modified": "2016-06-09T00:00:00", "published": "2015-08-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17113.html", "id": "SOL17113", "title": "SOL17113 - OpenSSH vulnerability CVE-2015-5600", "type": "f5", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-5352"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-08-15T00:00:00", "id": "OPENVAS:1361412562310842409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842409", "type": "openvas", "title": "Ubuntu Update for 
openssh USN-2710-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openssh USN-2710-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842409\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-15 05:05:45 +0200 (Sat, 15 Aug 2015)\");\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssh USN-2710-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssh'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Moritz Jodeit discovered 
that OpenSSH\nincorrectly handled usernames when using PAM authentication. If an additional\nvulnerability were discovered in the OpenSSH unprivileged child process, this\nissue could allow a remote attacker to perform user impersonation. (CVE number\npending) Moritz Jodeit discovered that OpenSSH incorrectly handled context memory\nwhen using PAM authentication. If an additional vulnerability were\ndiscovered in the OpenSSH unprivileged child process, this issue could\nallow a remote attacker to bypass authentication or possibly execute\narbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for\nX connections. A remote attacker could use this issue to bypass certain\naccess restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive\nauthentication. In a non-default configuration, a remote attacker could\npossibly use this issue to perform a brute-force password attack.\n(CVE-2015-5600)\");\n script_tag(name:\"affected\", value:\"openssh on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2710-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2710-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:6.6p1-2ubuntu2.2\", rls:\"UBUNTU14.04 
LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:5.9p1-5ubuntu1.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-5352"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-08-20T00:00:00", "id": "OPENVAS:1361412562310842418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842418", "type": "openvas", "title": "Ubuntu Update for openssh USN-2710-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openssh USN-2710-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842418\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:45:59 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2015-5600\", \"CVE-2015-5352\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssh USN-2710-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssh'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-2710-1 fixed vulnerabilities in OpenSSH.\nThe upstream fix for CVE-2015-5600 caused a regression resulting in random\nauthentication failures in non-default configurations. This update fixes the\nproblem.\n\nOriginal advisory details:\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames when\nusing PAM authentication. If an additional vulnerability were discovered in\nthe OpenSSH unprivileged child process, this issue could allow a remote\nattacker to perform user impersonation. (CVE number pending)\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory\nwhen using PAM authentication. 
If an additional vulnerability were\ndiscovered in the OpenSSH unprivileged child process, this issue could\nallow a remote attacker to bypass authentication or possibly execute\narbitrary code. (CVE number pending)\nJann Horn discovered that OpenSSH incorrectly handled time windows for\nX connections. A remote attacker could use this issue to bypass certain\naccess restrictions. (CVE-2015-5352)\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive\nauthentication. In a non-default configuration, a remote attacker could\npossibly use this issue to perform a brute-force password attack.\n(CVE-2015-5600)\");\n script_tag(name:\"affected\", value:\"openssh on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2710-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2710-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:6.6p1-2ubuntu2.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"openssh-server\", ver:\"1:5.9p1-5ubuntu1.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", 
"cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6565", "CVE-2015-6563"], "description": "Gentoo Linux Local Security Checks GLSA 201512-04", "modified": "2018-10-26T00:00:00", "published": "2015-12-22T00:00:00", "id": "OPENVAS:1361412562310121426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121426", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201512-04", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201512-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121426\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-22 06:47:49 +0200 (Tue, 22 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201512-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201512-04\");\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\", \"CVE-2015-6565\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201512-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/openssh\", unaffected: make_list(\"ge 7.1_p1-r2\"), vulnerable: make_list(\"lt 
7.1_p1-r2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-03-17T22:59:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5352"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120114", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-568)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120114\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:48 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-568)\");\n script_tag(name:\"insight\", value:\"It was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh(1) coupled with fail open behavior in the X11 server when clients attempted connections with expired credentials.\");\n script_tag(name:\"solution\", value:\"Run yum update openssh to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-568.html\");\n script_cve_id(\"CVE-2015-5352\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease 
= rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssh-server\", rpm:\"openssh-server~6.2p2~8.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-debuginfo\", rpm:\"openssh-debuginfo~6.2p2~8.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-clients\", rpm:\"openssh-clients~6.2p2~8.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pam_ssh_agent_auth\", rpm:\"pam_ssh_agent_auth~0.9.3~5.8.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.2p2~8.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-ldap\", rpm:\"openssh-ldap~6.2p2~8.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssh-keycat\", rpm:\"openssh-keycat~6.2p2~8.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5352"], "description": "Mageia Linux Local Security Checks mgasa-2015-0271", "modified": "2018-09-28T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310130107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130107", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0271", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0271.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright 
(c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130107\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:47 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0271\");\n script_tag(name:\"insight\", value:\"In Portable OpenSSH before 6.9p1, when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh (CVE-2015-5352).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0271.html\");\n script_cve_id(\"CVE-2015-5352\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0271\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.6p1~5.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5352"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-11T00:00:00", "id": "OPENVAS:1361412562310869736", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869736", "type": "openvas", "title": "Fedora Update for openssh FEDORA-2015-11063", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssh FEDORA-2015-11063\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869736\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-11 06:03:58 +0200 (Sat, 11 Jul 2015)\");\n script_cve_id(\"CVE-2015-5352\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssh FEDORA-2015-11063\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssh'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssh on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-11063\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161692.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.9p1~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-04-07T16:39:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5352"], "description": "OpenSSH is prone to a security-bypass vulnerability.\n\n This NVT has been replaced by OID 1.3.6.1.4.1.25623.1.0.806049.", "modified": "2020-04-02T00:00:00", "published": "2015-07-09T00:00:00", "id": "OPENVAS:1361412562310105317", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105317", "type": "openvas", "title": "OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105317\");\n script_bugtraq_id(75525);\n script_cve_id(\"CVE-2015-5352\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_name(\"OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-09 10:06:32 +0200 (Thu, 09 Jul 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/75525\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this issue to bypass certain security\n restrictions and perform unauthorized actions. 
This may lead to further attacks\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Update to 6.9 or newer.\");\n\n script_tag(name:\"summary\", value:\"OpenSSH is prone to a security-bypass vulnerability.\n\n This NVT has been replaced by OID 1.3.6.1.4.1.25623.1.0.806049.\");\n\n script_tag(name:\"affected\", value:\"OpenSSH < 6.9\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"deprecated\", value:TRUE);\n\n exit(0);\n}\n\nexit(66); # Replaced by gb_openssh_security_bypass_vuln.nasl (1.3.6.1.4.1.25623.1.0.806049)\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5352"], "description": "This host is running OpenSSH and is prone\n to security bypass vulnerability.", "modified": "2019-05-22T00:00:00", "published": "2015-09-10T00:00:00", "id": "OPENVAS:1361412562310806049", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806049", "type": "openvas", "title": "OpenSSH Security Bypass Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# OpenSSH Security Bypass Vulnerability\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openbsd:openssh\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806049\");\n script_version(\"2019-05-22T07:58:25+0000\");\n script_cve_id(\"CVE-2015-5352\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-22 07:58:25 +0000 (Wed, 22 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-09-10 14:36:41 +0530 (Thu, 10 Sep 2015)\");\n script_name(\"OpenSSH Security Bypass Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssh_consolidation.nasl\");\n script_mandatory_keys(\"openssh/detected\");\n\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/07/01/10\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSH and is prone\n to a security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the refusal\n deadline not being checked within the x11_open_helper function.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass intended access restrictions.\");\n\n script_tag(name:\"affected\", value:\"OpenSSH versions before 6.9.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSH version 6.9 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_is_less( version:vers, test_version:\"6.9\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"6.9\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600"], "description": "Mageia Linux Local Security Checks mgasa-2015-0295", "modified": "2018-09-28T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310130083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130083", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0295", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0295.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130083\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:30 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0295\");\n script_tag(name:\"insight\", value:\"The OpenSSH server, when keyboard-interactive challenge response authentication is enabled and PAM is being used (the default configuration in Mageia), can be tricked into allowing more password attempts than the MaxAuthTries setting would normally allow in one connection, which can aid an attacker in brute-force password guessing (CVE-2015-5600).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0295.html\");\n script_cve_id(\"CVE-2015-5600\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0295\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.6p1~5.3.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-08-01T00:00:00", "id": "OPENVAS:1361412562310869829", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869829", "type": "openvas", "title": "Fedora Update for openssh FEDORA-2015-12177", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssh FEDORA-2015-12177\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869829\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-01 06:54:27 +0200 (Sat, 01 Aug 2015)\");\n script_cve_id(\"CVE-2015-5600\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssh FEDORA-2015-12177\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssh'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssh on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-12177\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162965.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~6.9p1~4.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:24:12", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2015-5352"], "description": "Package : openssh\nVersion : 1:5.5p1-6+squeeze6\nCVE ID : CVE-2015-5352 CVE-2015-5600\nDebian Bug : #790798 #793616\n\nA recent upload of OpenSSH to Debian squeeze-lts fixes two security issues.\n\nCVE-2015-5352\n\n It was reported that when forwarding X11 connections with\n ForwardX11Trusted=no, connections made after ForwardX11Timeout\n (hard-coded value of 1200secs in the Debian squeeze version of\n OpenSSH) expired could be permitted and no longer subject to XSECURITY\n restrictions because of an ineffective timeout check in ssh(1)\n coupled with "fail open" behaviour in the X11 server when clients\n attempted connections with expired credentials. This problem was\n reported by Jann Horn.\n\n We now reject X11 connections after the hard-coded Xauth cookie\n expiration time of 1200 seconds.\n\nCVE-2015-5600\n\n It was found that OpenSSH would allow an attacker to request a large\n number of keyboard-interactive devices when entering a password,\n which could allow a remote attacker to bypass the MaxAuthTries limit\n defined in the sshd_config file.\n\n This flaw only affects OpenSSH configurations that have the\n 'KbdInteractiveAuthentication' configuration option set to 'yes'. 
By\n default, this option has the same value as the\n 'ChallengeResponseAuthentication' option.\n\n By default, all versions of Debian have the\n 'ChallengeResponseAuthentication' option set to 'no', meaning default\n OpenSSH configurations are not affected by this flaw.\n\n We now only query each keyboard-interactive device once per\n authentication request regardless of how many times it is listed.\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 9, "modified": "2015-08-07T11:38:57", "published": "2015-08-07T11:38:57", "id": "DEBIAN:DLA-288-1:36C61", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201508/msg00001.html", "title": "[SECURITY] [DLA 288-1] openssh security update", "type": "debian", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-11-11T13:20:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600"], "description": "Package : openssh\nVersion : 1:5.5p1-6+squeeze7\nCVE ID : CVE-2015-5600\n\nIn Debian LTS (squeeze), the fix for CVE-2015-5600[1] in openssh\n1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the\nkeyboard-interactive method. Thanks to Colin Watson for making aware of\nthat.\n\nThe patch fixing CVE-2015-5600 introduces the field 'devices_done' to the\nKbdintAuthctxt struct, but does not initialize the field in the\nkbdint_alloc() function. On Linux, this ends up filling that field with\njunk data. 
The result of this is random login failures when\nkeyboard-interactive authentication is used.\n\nThis upload of openssh 1:5.5p1-6+squeeze7 to Debian LTS (squeeze) adds\nthat initialization of the `devices_done` field alongside the existing\ninitialization code.\n\nPeople relying on keyboard-interactive based authentication mechanisms with\nOpenSSH on Debian squeeze(-lts) systems are recommended to upgrade\nOpenSSH to 1:5.5p1-6+squeeze7.\n\n[1] https://lists.debian.org/debian-lts-announce/2015/08/msg00001.html\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 9, "modified": "2015-09-30T03:38:12", "published": "2015-09-30T03:38:12", "id": "DEBIAN:DLA-288-2:68C70", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201509/msg00015.html", "title": "[SECURITY] [DLA 288-2] openssh regression update", "type": "debian", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-08-12T01:03:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2016-1908", "CVE-2016-10708", "CVE-2016-10011", "CVE-2015-6564", "CVE-2016-10009", "CVE-2016-6515", "CVE-2015-5352", "CVE-2016-3115", "CVE-2017-15906", "CVE-2016-10012", "CVE-2015-6563"], "description": "Package : openssh\nVersion : 1:6.7p1-5+deb8u6\nCVE ID : CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564\n CVE-2016-1908 CVE-2016-3115 CVE-2016-6515 CVE-2016-10009\n CVE-2016-10011 CVE-2016-10012 CVE-2016-10708\n CVE-2017-15906\nDebian Bug : 790798 793616 795711 848716 848717\n\n\nSeveral vulnerabilities have been found in OpenSSH, a free implementation\nof the SSH protocol suite:\n\nCVE-2015-5352\n\n OpenSSH incorrectly verified time window deadlines for X connections.\n Remote attackers could take advantage of this flaw to bypass intended\n access restrictions. 
Reported by Jann Horn.\n\nCVE-2015-5600\n\n OpenSSH improperly restricted the processing of keyboard-interactive\n devices within a single connection, which could allow remote attackers\n to perform brute-force attacks or cause a denial of service, in a\n non-default configuration.\n\nCVE-2015-6563\n\n OpenSSH incorrectly handled usernames during PAM authentication. In\n conjunction with an additional flaw in the OpenSSH unprivileged child\n process, remote attackers could make use of this issue to perform user\n impersonation. Discovered by Moritz Jodeit.\n\nCVE-2015-6564\n\n Moritz Jodeit discovered a use-after-free flaw in PAM support in\n OpenSSH, that could be used by remote attackers to bypass\n authentication or possibly execute arbitrary code.\n\nCVE-2016-1908\n\n OpenSSH mishandled untrusted X11 forwarding when the X server disables\n the SECURITY extension. Untrusted connections could obtain trusted X11\n forwarding privileges. Reported by Thomas Hoger.\n\nCVE-2016-3115\n\n OpenSSH improperly handled X11 forwarding data related to\n authentication credentials. Remote authenticated users could make use\n of this flaw to bypass intended shell-command restrictions. Identified\n by github.com/tintinweb.\n\nCVE-2016-6515\n\n OpenSSH did not limit password lengths for password authentication.\n Remote attackers could make use of this flaw to cause a denial of\n service via long strings.\n\nCVE-2016-10009\n\n Jann Horn discovered an untrusted search path vulnerability in\n ssh-agent allowing remote attackers to execute arbitrary local\n PKCS#11 modules by leveraging control over a forwarded agent-socket.\n\nCVE-2016-10011\n\n Jann Horn discovered that OpenSSH did not properly consider the\n effects of realloc on buffer contents. 
This may allow local users to\n obtain sensitive private-key information by leveraging access to a\n privilege-separated child process.\n\nCVE-2016-10012\n\n Guido Vranken discovered that the OpenSSH shared memory manager\n did not ensure that a bounds check was enforced by all compilers,\n which could allow local users to gain privileges by leveraging access\n to a sandboxed privilege-separation process.\n\nCVE-2016-10708\n\n NULL pointer dereference and daemon crash via an out-of-sequence\n NEWKEYS message.\n\nCVE-2017-15906\n\n Michal Zalewski reported that OpenSSH improperly prevented write\n operations in readonly mode, allowing attackers to create zero-length\n files.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:6.7p1-5+deb8u6.\n\nWe recommend that you upgrade your openssh packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 10, "modified": "2018-09-10T08:45:03", "published": "2018-09-10T08:45:03", "id": "DEBIAN:DLA-1500-1:E6BD7", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201809/msg00010.html", "title": "[SECURITY] [DLA 1500-1] openssh security update", "type": "debian", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "nessus": [{"lastseen": "2020-09-23T18:55:22", "description": "USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for\nCVE-2015-5600 caused a regression resulting in random authentication\nfailures in non-default configurations. This update fixes the problem.\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames\nwhen using PAM authentication. If an additional vulnerability were\ndiscovered in the OpenSSH unprivileged child process, this issue could\nallow a remote attacker to perform user impersonation. 
(CVE number\npending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled\ncontext memory when using PAM authentication. If an\nadditional vulnerability were discovered in the OpenSSH\nunprivileged child process, this issue could allow a remote\nattacker to bypass authentication or possibly execute\narbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time\nwindows for X connections. A remote attacker could use this\nissue to bypass certain access restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled\nkeyboard-interactive authentication. In a non-default\nconfiguration, a remote attacker could possibly use this\nissue to perform a brute-force password attack.\n(CVE-2015-5600).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "published": "2015-08-19T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openssh regression (USN-2710-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-5352"], "modified": "2015-08-19T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:openssh-server", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2710-2.NASL", "href": "https://www.tenable.com/plugins/nessus/85533", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2710-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85533);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\");\n script_xref(name:\"USN\", value:\"2710-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openssh regression (USN-2710-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for\nCVE-2015-5600 caused a regression resulting in random authentication\nfailures in non-default configurations. This update fixes the problem.\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames\nwhen using PAM authentication. If an additional vulnerability were\ndiscovered in the OpenSSH unprivileged child process, this issue could\nallow a remote attacker to perform user impersonation. (CVE number\npending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled\ncontext memory when using PAM authentication. If an\nadditional vulnerability were discovered in the OpenSSH\nunprivileged child process, this issue could allow a remote\nattacker to bypass authentication or possibly execute\narbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time\nwindows for X connections. A remote attacker could use this\nissue to bypass certain access restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled\nkeyboard-interactive authentication. 
In a non-default\nconfiguration, a remote attacker could possibly use this\nissue to perform a brute-force password attack.\n(CVE-2015-5600).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2710-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh-server package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openssh-server\", pkgver:\"1:5.9p1-5ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openssh-server\", pkgver:\"1:6.6p1-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"openssh-server\", pkgver:\"1:6.7p1-5ubuntu1.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh-server\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-09-23T18:55:22", "description": "Moritz Jodeit discovered that OpenSSH incorrectly handled usernames\nwhen using PAM authentication. If an additional vulnerability were\ndiscovered in the OpenSSH unprivileged child process, this issue could\nallow a remote attacker to perform user impersonation. 
(CVE number\npending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context\nmemory when using PAM authentication. If an additional vulnerability\nwere discovered in the OpenSSH unprivileged child process, this issue\ncould allow a remote attacker to bypass authentication or possibly\nexecute arbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for\nX connections. A remote attacker could use this issue to bypass\ncertain access restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled\nkeyboard-interactive authentication. In a non-default configuration, a\nremote attacker could possibly use this issue to perform a brute-force\npassword attack. (CVE-2015-5600).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2015-08-17T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openssh vulnerabilities (USN-2710-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-5352"], "modified": "2015-08-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:openssh-server", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2710-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85445", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2710-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85445);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\");\n script_xref(name:\"USN\", value:\"2710-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openssh vulnerabilities (USN-2710-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Moritz Jodeit discovered that OpenSSH incorrectly handled usernames\nwhen using PAM authentication. If an additional vulnerability were\ndiscovered in the OpenSSH unprivileged child process, this issue could\nallow a remote attacker to perform user impersonation. (CVE number\npending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context\nmemory when using PAM authentication. If an additional vulnerability\nwere discovered in the OpenSSH unprivileged child process, this issue\ncould allow a remote attacker to bypass authentication or possibly\nexecute arbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for\nX connections. A remote attacker could use this issue to bypass\ncertain access restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled\nkeyboard-interactive authentication. In a non-default configuration, a\nremote attacker could possibly use this issue to perform a brute-force\npassword attack. (CVE-2015-5600).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2710-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh-server package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openssh-server\", pkgver:\"1:5.9p1-5ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openssh-server\", pkgver:\"1:6.6p1-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"openssh-server\", pkgver:\"1:6.7p1-5ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh-server\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-09-23T18:15:15", "description": "openssh was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, 
which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups\n (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 3.7, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2015-11-02T00:00:00", "title": "SUSE SLES11 Security Update : openssh (SUSE-SU-2015:1840-1) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-4000", "CVE-2015-5352"], "modified": "2015-11-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh-askpass", "p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1840-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86695", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1840-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86695);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2015-4000\", \"CVE-2015-5352\", \"CVE-2015-5600\");\n script_bugtraq_id(74733, 75525);\n\n script_name(english:\"SUSE SLES11 Security 
Update : openssh (SUSE-SU-2015:1840-1) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openssh was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups\n (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=673532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4000/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5600/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151840-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7517ec1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS :\n\nzypper in -t patch slessp2-openssh-12168=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssh-5.1p1-41.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssh-askpass-5.1p1-41.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssh-askpass-gnome-5.1p1-41.69.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-01-07T14:23:01", "description": "openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted 
extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a crafted MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 3.7, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2015-09-22T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : openssh (SUSE-SU-2015:1581-1) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-4000", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6563"], "modified": "2015-09-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh-askpass", "p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1581-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86057", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1581-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86057);\n script_version(\"2.11\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4000\", \"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n script_bugtraq_id(74733, 75525);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : openssh (SUSE-SU-2015:1581-1) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n 
uid to send a crafted MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=673532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945493\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4000/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6564/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151581-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b348f297\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-openssh-12096=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-openssh-12096=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-openssh-12096=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-openssh-12096=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-gnome-6.2p2-0.21.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-askpass-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-6.2p2-0.21.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-askpass-6.2p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-askpass-gnome-6.2p2-0.21.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-01-07T14:23:00", "description": "openssh was updated to fix several security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a crafted MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c. 
(bsc#943010)\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n (bsc#943006)\n\nAlso use %restart_on_update in the trigger script.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 3.7, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2015-09-14T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2015:1544-1) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-4000", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6563"], "modified": "2015-09-14T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-helpers", "p-cpe:/a:novell:suse_linux:openssh-debuginfo", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-debugsource"], "id": "SUSE_SU-2015-1544-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1544-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85928);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4000\", \"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n script_bugtraq_id(74733, 75525);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2015:1544-1) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openssh was updated to fix several security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a crafted MONITOR_REQ_PWNAM request, related\n to monitor.c 
and monitor_wrap.c. (bsc#943010)\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n (bsc#943006)\n\nAlso use %restart_on_update in the trigger script.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4000/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6564/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151544-1.html\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b744fca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-526=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-526=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-askpass-gnome-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-askpass-gnome-debuginfo-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-debuginfo-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-debugsource-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-fips-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-helpers-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssh-helpers-debuginfo-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-debuginfo-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-debuginfo-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-debugsource-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-helpers-6.6p1-29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssh-helpers-debuginfo-6.6p1-29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-01-12T11:04:48", "description": "The remote host is affected by the vulnerability described in GLSA-201512-04\n(OpenSSH: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSH. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2015-12-22T00:00:00", "title": "GLSA-201512-04 : OpenSSH: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6565", "CVE-2015-6563"], "modified": "2015-12-22T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:openssh"], "id": "GENTOO_GLSA-201512-04.NASL", "href": "https://www.tenable.com/plugins/nessus/87545", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201512-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87545);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\", \"CVE-2015-6565\");\n script_xref(name:\"GLSA\", value:\"201512-04\");\n\n script_name(english:\"GLSA-201512-04 : OpenSSH: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201512-04\n(OpenSSH: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSH. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201512-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All openssh users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/openssh-7.1_p1-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/openssh\", unaffected:make_list(\"ge 7.1_p1-r2\"), vulnerable:make_list(\"lt 7.1_p1-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSH\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-09-23T18:15:12", "description": "openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long 
and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a crafted MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 3.7, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2015-09-14T00:00:00", "title": "SUSE SLES11 Security Update : openssh (SUSE-SU-2015:1547-1) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-4000", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6563"], "modified": "2015-09-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh-askpass", "p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1547-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85929", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1547-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85929);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2015-4000\", \"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n script_bugtraq_id(74733, 75525);\n\n script_name(english:\"SUSE SLES11 Security Update : openssh (SUSE-SU-2015:1547-1) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline 
for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a crafted MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=673532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4000/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6564/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151547-1.html\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?188f3ab8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-openssh-12087=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-openssh-12087=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssh-askpass-gnome-6.2p2-0.17.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-01-07T14:23:04", "description": "OpenSSH was updated to fix several security issues and bugs.\n\nPlease note that due to a bug in the previously shipped openssh version,\nsshd might not correctly restart. Please verify that the ssh daemon is\nrunning after installing this update.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function, when\n ForwardX11Trusted mode is not used, lacked a check of\n the refusal deadline for X connections, which made it\n easier for remote attackers to bypass intended access\n restrictions via a connection outside of the permitted\n time window. (bsc#936695)\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd did not properly restrict the\n processing of keyboard-interactive devices within a\n single connection, which made it easier for remote\n attackers to conduct brute-force attacks or cause a\n denial of service (CPU consumption) via a long and\n duplicative list in the ssh\n\n -oKbdInteractiveDevices option, as demonstrated by a\n modified client that provides a different password for\n each pam element on this list. (bsc#938746)\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM. 
(bsc#932483)\n\n - Hardening patch to fix sftp RCE. (bsc#903649)\n\n - CVE-2015-6563: The monitor component in sshd accepted\n extraneous username data in MONITOR_REQ_PAM_INIT_CTX\n requests, which allowed local users to conduct\n impersonation attacks by leveraging any SSH login access\n in conjunction with control of the sshd uid to send a\n crafted MONITOR_REQ_PWNAM request, related to monitor.c\n and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd\n might have allowed local users to gain privileges by\n leveraging control of the sshd uid to send an\n unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nAdditionally, a bug was fixed that could lead to openssh not working in\nchroot (bsc#947458).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 3.7, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2015-10-12T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : openssh (SUSE-SU-2015:1695-1) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-4000", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6563"], "modified": "2015-10-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:openssh-helpers", "p-cpe:/a:novell:suse_linux:openssh-fips"], "id": "SUSE_SU-2015-1695-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1695-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86339);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4000\", \"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n script_bugtraq_id(74733, 75525);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : openssh (SUSE-SU-2015:1695-1) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSH was updated to fix several security issues and bugs.\n\nPlease note that due to a bug in the previous shipped openssh version,\nsshd might not correctly restart. Please verify that the ssh daemon is\nrunning after installing this update.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function, when\n ForwardX11Trusted mode is not used, lacked a check of\n the refusal deadline for X connections, which made it\n easier for remote attackers to bypass intended access\n restrictions via a connection outside of the permitted\n time window. (bsc#936695)\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd did not properly restrict the\n processing of keyboard-interactive devices within a\n single connection, which made it easier for remote\n attackers to conduct brute-force attacks or cause a\n denial of service (CPU consumption) via a long and\n duplicative list in the ssh\n\n -oKbdInteractiveDevices option, as demonstrated by a\n modified client that provides a different password for\n each pam element on this list. (bsc#938746)\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM. (bsc#932483)\n\n - Hardening patch to fix sftp RCE. 
(bsc#903649)\n\n - CVE-2015-6563: The monitor component in sshd accepted\n extraneous username data in MONITOR_REQ_PAM_INIT_CTX\n requests, which allowed local users to conduct\n impersonation attacks by leveraging any SSH login access\n in conjunction with control of the sshd uid to send a\n crafted MONITOR_REQ_PWNAM request, related to monitor.c\n and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd\n might have allowed local users to gain privileges by\n leveraging control of the sshd uid to send an\n unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nAdditional a bug was fixed that could lead to openssh not working in\nchroot (bsc#947458).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=945493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4000/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6564/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151695-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a811b187\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-openssh-12119=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-openssh-12119=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-openssh-12119=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-askpass-gnome-6.6p1-13.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-fips-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssh-helpers-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"openssh-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-6.6p1-13.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"openssh-helpers-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"openssh-6.6p1-13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"openssh-askpass-gnome-6.6p1-13.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"openssh-helpers-6.6p1-13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-01-07T14:23:01", "description": "openssh was updated to fix several security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a crafted MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update 
package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 3.7, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2015-09-15T00:00:00", "title": "SUSE SLED11 Security Update : openssh (SUSE-SU-2015:1547-2) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5600", "CVE-2015-4000", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6563"], "modified": "2015-09-15T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh-askpass", "p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1547-2.NASL", "href": "https://www.tenable.com/plugins/nessus/85941", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1547-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85941);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4000\", \"CVE-2015-5352\", \"CVE-2015-5600\", \"CVE-2015-6563\", \"CVE-2015-6564\");\n script_bugtraq_id(74733, 75525);\n\n script_name(english:\"SUSE SLED11 Security Update : openssh (SUSE-SU-2015:1547-2) (Logjam)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openssh was updated to fix several 
security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2015-5352: The x11_open_helper function in\n channels.c in ssh in OpenSSH when ForwardX11Trusted mode\n is not used, lacked a check of the refusal deadline for\n X connections, which made it easier for remote attackers\n to bypass intended access restrictions via a connection\n outside of the permitted time window (bsc#936695).\n\n - CVE-2015-5600: The kbdint_next_device function in\n auth2-chall.c in sshd in OpenSSH did not properly\n restrict the processing of keyboard-interactive devices\n within a single connection, which made it easier for\n remote attackers to conduct brute-force attacks or cause\n a denial of service (CPU consumption) via a long and\n duplicative list in the ssh -oKbdInteractiveDevices\n option, as demonstrated by a modified client that\n provides a different password for each pam element on\n this list (bsc#938746).\n\n - CVE-2015-4000: Removed and disabled weak DH groups to\n address LOGJAM (bsc#932483).\n\n - Hardening patch to fix sftp RCE (bsc#903649).\n\n - CVE-2015-6563: The monitor component in sshd in OpenSSH\n accepted extraneous username data in\n MONITOR_REQ_PAM_INIT_CTX requests, which allowed local\n users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd\n uid to send a crafted MONITOR_REQ_PWNAM request, related\n to monitor.c and monitor_wrap.c.\n\n - CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in\n OpenSSH might have allowed local users to gain\n privileges by leveraging control of the sshd uid to send\n an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=673532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4000/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6564/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151547-2.html\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0093c79\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-openssh-12087=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-openssh-12087=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-askpass-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-6.2p2-0.17.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-askpass-6.2p2-0.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssh-askpass-gnome-6.2p2-0.17.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-01-06T09:18:36", "description": "The version of OpenSSH running on the remote host is affected by a\nsecurity bypass vulnerability due to a failure to check the refusal\ndeadline during the forwarding of untrusted X11 connections. 
A remote\nattacker can exploit this to bypass timeout checks and XSECURITY\nrestrictions.", "edition": 28, "published": "2015-09-14T00:00:00", "title": "AIX OpenSSH Vulnerability : openssh_advisory5.asc", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5352"], "modified": "2015-09-14T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1", "cpe:/o:ibm:aix:7.1", "cpe:/o:ibm:aix:5.3"], "id": "AIX_OPENSSH_ADVISORY5.NASL", "href": "https://www.tenable.com/plugins/nessus/85930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory openssh_advisory4.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85930);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5352\");\n script_bugtraq_id(75525);\n\n script_name(english:\"AIX OpenSSH Vulnerability : openssh_advisory5.asc\");\n script_summary(english:\"Checks the version of the openssh client and server packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a vulnerable version of OpenSSH.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSH running on the remote host is affected by a\nsecurity bypass vulnerability due to a failure to check the refusal\ndeadline during the forwarding of untrusted X11 connections. 
A remote\nattacker can exploit this to bypass timeout checks and XSECURITY\nrestrictions.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory5.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the AIX website.\n\nTo extract the fixes from the tar file :\n\n zcat OpenSSH_6.0.0.6110.tar.Z | tar xvf -\n (or)\n zcat OpenSSH_6.0.0.6201.tar.Z | tar xvf -\n\nIMPORTANT : If possible, it is recommended that an mksysb backup of\nthe system be created. Verify it is both bootable and readable before\nproceeding.\n\nTo preview the fix installation :\n\n installp -apYd . OpenSSH_6.0.0.6110\n (or)\n installp -apYd . OpenSSH_6.0.0.6201\n\nTo install the fix package:\n\n installp -aXYd . OpenSSH_6.0.0.6110\n (or) \n installp -aXYd . OpenSSH_6.0.0.6201\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/14\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 
Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1\", oslevel);\n}\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif (aix_check_package(release:\"5.3\", package:\"openssh.base.client\", minpackagever:\"4.0.0.5200\", maxpackagever:\"6.0.0.6109\", fixpackagever:\"6.0.0.6110\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssh.base.client\", minpackagever:\"6.0.0.6200\", maxpackagever:\"6.0.0.6200\", fixpackagever:\"6.0.0.6201\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssh.base.client\", minpackagever:\"4.0.0.5200\", maxpackagever:\"6.0.0.6109\", fixpackagever:\"6.0.0.6110\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssh.base.client\", minpackagever:\"6.0.0.6200\", maxpackagever:\"6.0.0.6200\", fixpackagever:\"6.0.0.6201\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssh.base.client\", minpackagever:\"4.0.0.5200\", maxpackagever:\"6.0.0.6109\", fixpackagever:\"6.0.0.6110\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssh.base.client\", minpackagever:\"6.0.0.6200\", maxpackagever:\"6.0.0.6200\", fixpackagever:\"6.0.0.6201\") > 0) flag++;\n\nif (aix_check_package(release:\"5.3\", package:\"openssh.base.server\", minpackagever:\"4.0.0.5200\", 
maxpackagever:\"6.0.0.6109\", fixpackagever:\"6.0.0.6110\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssh.base.server\", minpackagever:\"6.0.0.6200\", maxpackagever:\"6.0.0.6200\", fixpackagever:\"6.0.0.6201\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssh.base.server\", minpackagever:\"4.0.0.5200\", maxpackagever:\"6.0.0.6109\", fixpackagever:\"6.0.0.6110\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssh.base.server\", minpackagever:\"6.0.0.6200\", maxpackagever:\"6.0.0.6200\", fixpackagever:\"6.0.0.6201\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssh.base.server\", minpackagever:\"4.0.0.5200\", maxpackagever:\"6.0.0.6109\", fixpackagever:\"6.0.0.6110\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssh.base.server\", minpackagever:\"6.0.0.6200\", maxpackagever:\"6.0.0.6200\", fixpackagever:\"6.0.0.6201\") > 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh.base.client / openssh.base.server\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:42:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2015-5352"], "description": "USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for \nCVE-2015-5600 caused a regression resulting in random authentication \nfailures in non-default configurations. This update fixes the problem.\n\nOriginal advisory details:\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames when \nusing PAM authentication. If an additional vulnerability were discovered in \nthe OpenSSH unprivileged child process, this issue could allow a remote \nattacker to perform user impersonation. 
(CVE number pending)\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory \nwhen using PAM authentication. If an additional vulnerability were \ndiscovered in the OpenSSH unprivileged child process, this issue could \nallow a remote attacker to bypass authentication or possibly execute \narbitrary code. (CVE number pending)\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for \nX connections. A remote attacker could use this issue to bypass certain \naccess restrictions. (CVE-2015-5352)\n\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive \nauthentication. In a non-default configuration, a remote attacker could \npossibly use this issue to perform a brute-force password attack. \n(CVE-2015-5600)", "edition": 5, "modified": "2015-08-18T00:00:00", "published": "2015-08-18T00:00:00", "id": "USN-2710-2", "href": "https://ubuntu.com/security/notices/USN-2710-2", "title": "OpenSSH regression", "type": "ubuntu", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6563"], "description": "[6.6.1p1-22]\n- Use the correct constant for glob limits (#1160377)\n[6.6.1p1-21]\n- Extend memory limit for remote glob in sftp acc. 
to stat limit (#1160377)\n[6.6.1p1-20]\n- Fix vulnerabilities published with openssh-7.0 (#1265807)\n - Privilege separation weakness related to PAM support\n - Use-after-free bug related to PAM support\n[6.6.1p1-19]\n- Increase limit of files for glob match in sftp to 8192 (#1160377)\n[6.6.1p1-18]\n- Add GSSAPIKexAlgorithms option for server and client application (#1253062)\n[6.6.1p1-17]\n- Security fixes released with openssh-6.9 (CVE-2015-5352) (#1247864)\n - XSECURITY restrictions bypass under certain conditions in ssh(1) (#1238231)\n - weakness of agent locking (ssh-add -x) to password guessing (#1238238)\n[6.6.1p1-16]\n- only query each keyboard-interactive device once (CVE-2015-5600) (#1245971)\n[6.6.1p1-15]\n- One more typo in manual page documenting TERM variable (#1162683)\n- Fix race condition with auditing messages answers (#1240613)\n[6.6.1p1-14]\n- Fix ldif schema to have correct spacing on newlines (#1184938)\n- Add missing values for sshd test mode (#1187597)\n- ssh-copy-id: tcsh doesnt work with multiline strings (#1201758)\n- Fix memory problems with newkeys and array transfers (#1223218)\n- Enhance AllowGroups documentation in man page (#1150007)\n[6.6.1p1-13]\n- Increase limit of files for glob match in sftp (#1160377)\n- Add pam_reauthorize.so to /etc/pam.d/sshd (#1204233)\n- Show all config values in sshd test mode (#1187597)\n- Document required selinux boolean for working ssh-ldap-helper (#1178116)\n- Consistent usage of pam_namespace in sshd (#1125110)\n- Fix auditing when using combination of ForcedCommand and PTY (#1199112)\n- Add sftp option to force mode of created files (#1197989)\n- Ability to specify an arbitrary LDAP filter in ldap.conf for ssh-ldap-helper (#1201753)\n- Provide documentation line for systemd service and socket (#1181591)\n- Provide LDIF version of LPK schema (#1184938)\n- Document TERM environment variable (#1162683)\n- Fix ssh-copy-id on non-sh remote shells (#1201758)\n- Do not read RSA1 hostkeys for HostBased 
authentication in FIPS (#1197666)", "edition": 4, "modified": "2015-11-23T00:00:00", "published": "2015-11-23T00:00:00", "id": "ELSA-2015-2088", "href": "http://linux.oracle.com/errata/ELSA-2015-2088.html", "title": "openssh security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:07", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "description": "[5.3p1-114]\n- CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (#1245969)\n[5.3p1-113]\n- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317816)", "edition": 4, "modified": "2016-03-21T00:00:00", "published": "2016-03-21T00:00:00", "id": "ELSA-2016-0466", "href": "http://linux.oracle.com/errata/ELSA-2016-0466.html", "title": "openssh security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "description": "[4.3p2-82.0.2]\n- CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (John Haxby) [orabug 22985024]\n- CVE-2016-3115: missing sanitisation of input for X11 forwarding (John Haxby) [orabug 22985024]", "edition": 4, "modified": "2016-04-03T00:00:00", "published": "2016-04-03T00:00:00", "id": "ELSA-2016-3531", "href": "http://linux.oracle.com/errata/ELSA-2016-3531.html", "title": "openssh security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6565", "CVE-2015-6563"], "description": "### Background\n\nOpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. 
\n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll openssh users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/openssh-7.1_p1-r2\"", "edition": 1, "modified": "2015-12-21T00:00:00", "published": "2015-12-20T00:00:00", "id": "GLSA-201512-04", "href": "https://security.gentoo.org/glsa/201512-04", "type": "gentoo", "title": "OpenSSH: Multiple vulnerabilities", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:22:46", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2015-4000", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6563"], "edition": 1, "description": "openssh was updated to fix several security issues and bugs.\n\n These security issues were fixed:\n * CVE-2015-5352: The x11_open_helper function in channels.c in ssh in\n OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the\n refusal deadline for X connections, which made it easier for remote\n attackers to bypass intended access restrictions via a connection outside\n of the permitted time window (bsc#936695).\n * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd\n in OpenSSH did not properly restrict the processing of\n keyboard-interactive devices within a single connection, which made it\n easier for remote attackers to conduct brute-force attacks or cause a\n denial of service (CPU consumption) via a long and duplicative list in\n the ssh -oKbdInteractiveDevices option, as demonstrated by a modified\n client that provides a different password for each pam element on this\n list (bsc#938746).\n * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM\n (bsc#932483).\n * Hardening patch to fix sftp RCE 
(bsc#903649).\n * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted\n extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which\n allowed local users to conduct impersonation attacks by leveraging any\n SSH login access in conjunction with control of the sshd uid to send a\n crafted MONITOR_REQ_PWNAM request, related to monitor.c and\n monitor_wrap.c.\n * CVE-2015-6564: Use-after-free vulnerability in the\n mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might\n have allowed local users to gain privileges by leveraging control of the\n sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.\n\n These non-security issues were fixed:\n - bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential\n for oom_killer.\n - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to\n WebSphere mqm user.\n - bsc#916549: Fixed support for aesXXX-gcm@xxxxxxxxxxx.\n\n", "modified": "2015-09-21T09:10:02", "published": "2015-09-21T09:10:02", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html", "id": "SUSE-SU-2015:1581-1", "title": "Security update for openssh (important)", "type": "suse", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2020-11-10T12:35:20", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5352"], "description": "**Issue Overview:**\n\nIt was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh(1) coupled with \"fail open\" behavior in the X11 server when clients attempted connections with expired credentials.\n\n \n**Affected Packages:** \n\n\nopenssh\n\n \n**Issue Correction:** \nRun _yum update openssh_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n 
openssh-server-6.2p2-8.44.amzn1.i686 \n openssh-debuginfo-6.2p2-8.44.amzn1.i686 \n openssh-clients-6.2p2-8.44.amzn1.i686 \n pam_ssh_agent_auth-0.9.3-5.8.44.amzn1.i686 \n openssh-6.2p2-8.44.amzn1.i686 \n openssh-ldap-6.2p2-8.44.amzn1.i686 \n openssh-keycat-6.2p2-8.44.amzn1.i686 \n \n src: \n openssh-6.2p2-8.44.amzn1.src \n \n x86_64: \n openssh-6.2p2-8.44.amzn1.x86_64 \n openssh-keycat-6.2p2-8.44.amzn1.x86_64 \n pam_ssh_agent_auth-0.9.3-5.8.44.amzn1.x86_64 \n openssh-clients-6.2p2-8.44.amzn1.x86_64 \n openssh-debuginfo-6.2p2-8.44.amzn1.x86_64 \n openssh-ldap-6.2p2-8.44.amzn1.x86_64 \n openssh-server-6.2p2-8.44.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2015-07-22T10:00:00", "published": "2015-07-22T10:00:00", "id": "ALAS-2015-568", "href": "https://alas.aws.amazon.com/ALAS-2015-568.html", "title": "Medium: openssh", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-10T12:35:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-6563"], "description": "**Issue Overview:**\n\nA flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. 
\n\n\n \n**Affected Packages:** \n\n\nopenssh\n\n \n**Issue Correction:** \nRun _yum update openssh_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssh-6.6.1p1-22.58.amzn1.i686 \n openssh-server-6.6.1p1-22.58.amzn1.i686 \n pam_ssh_agent_auth-0.9.3-9.22.58.amzn1.i686 \n openssh-keycat-6.6.1p1-22.58.amzn1.i686 \n openssh-ldap-6.6.1p1-22.58.amzn1.i686 \n openssh-debuginfo-6.6.1p1-22.58.amzn1.i686 \n openssh-clients-6.6.1p1-22.58.amzn1.i686 \n \n src: \n openssh-6.6.1p1-22.58.amzn1.src \n \n x86_64: \n openssh-6.6.1p1-22.58.amzn1.x86_64 \n openssh-clients-6.6.1p1-22.58.amzn1.x86_64 \n pam_ssh_agent_auth-0.9.3-9.22.58.amzn1.x86_64 \n openssh-server-6.6.1p1-22.58.amzn1.x86_64 \n openssh-debuginfo-6.6.1p1-22.58.amzn1.x86_64 \n openssh-keycat-6.6.1p1-22.58.amzn1.x86_64 \n openssh-ldap-6.6.1p1-22.58.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-12-14T10:00:00", "published": "2015-12-14T10:00:00", "id": "ALAS-2015-625", "href": "https://alas.aws.amazon.com/ALAS-2015-625.html", "title": "Medium: openssh", "type": "amazon", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5352"], "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. 
", "modified": "2015-07-10T19:18:26", "published": "2015-07-10T19:18:26", "id": "FEDORA:0F42760C37F8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssh-6.9p1-1.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600"], "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. ", "modified": "2015-08-19T08:15:54", "published": "2015-08-19T08:15:54", "id": "FEDORA:146EF61A1014", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssh-6.9p1-5.fc22", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600"], "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. 
", "modified": "2015-07-30T13:56:25", "published": "2015-07-30T13:56:25", "id": "FEDORA:27BE8609204C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssh-6.9p1-3.fc22", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600"], "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. ", "modified": "2015-07-31T07:53:13", "published": "2015-07-31T07:53:13", "id": "FEDORA:5CE3E6118DC1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssh-6.9p1-4.fc22", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9278", "CVE-2015-5352"], "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. 
To make this package useful, you should also install openssh-clients, openssh-server, or both. ", "modified": "2015-07-10T19:09:25", "published": "2015-07-10T19:09:25", "id": "FEDORA:0429D60C85D7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: openssh-6.6.1p1-13.fc21", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9278", "CVE-2015-5600"], "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. ", "modified": "2015-08-03T04:31:13", "published": "2015-08-03T04:31:13", "id": "FEDORA:2E88760877A1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: openssh-6.6.1p1-15.fc21", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. 
This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. ", "modified": "2015-08-27T23:52:00", "published": "2015-08-27T23:52:00", "id": "FEDORA:7B66961B84A2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: openssh-6.6.1p1-16.fc21", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5352"], "description": "When forwarding X11 connections with ForwardX11Trusted=no, connections\nmade after ForwardX11Timeout expired could be permitted and no longer\nsubject to XSECURITY restrictions because of an ineffective timeout\ncheck in ssh coupled with \"fail open\" behaviour in the X11 server when\nclients attempted connections with expired credentials. This problem was\nreported by Jann Horn.", "modified": "2015-07-04T00:00:00", "published": "2015-07-04T00:00:00", "id": "ASA-201507-4", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html", "type": "archlinux", "title": "openssh: XSECURITY restrictions bypass", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600"], "description": "The OpenSSH server normally wouldn't allow successive authentications\nthat exceed the MaxAuthTries setting in sshd_config, however when using\nkbd-interactive challenge-response authentication the allowed login\nretries can be extended limited only by the LoginGraceTime setting, that\ncan be more than 10000 tries (depends on the network speed), and even\nmore for local attacks.", "modified": "2015-07-23T00:00:00", "published": "2015-07-23T00:00:00", "id": "ASA-201507-17", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html", "type": "archlinux", "title":
"openssh: authentication limits bypass", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}], "aix": [{"lastseen": "2019-05-29T19:19:13", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5352"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Fri Sep 4 05:15:17 CDT 2015\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssh_advisory5.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssh_advisory5.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssh_advisory5.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n VULNERABILITY: AIX OpenSSH vulnerability\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2015-5352\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n CVE-2015-5352\n A vulnerability in ssh when ForwardX11Trusted mode is not used, lacks a \n check of the refusal deadline for X connections, which makes it easier for \n remote attackers to bypass intended access restrictions via a connection \n outside of the permitted time window\n\nII. CVSS\n\n 1. CVE-2015-5352\n CVSS Base Score:4.3\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/104418\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following command:\n\n lslpp -L openssh.base\n \n The following fileset levels are vulnerable:\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n openssh.base 4.0.0.5200 6.0.0.6200 key_w_fs\n \n\t\n\nIV. 
SOLUTIONS\n\n A. FIXES\n\n fix is available, and it can be downloaded from:\n\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n Fixed fileset version are OpenSSH_6.0.0.6110.tar.Z and OpenSSH_6.0.0.6201.tar.Z\n Refer to the Readme file for more details on the fileset.\n\n Note - OpenSSH releases 6.0.0.6110 and 6.0.0.6201 are same except that 6.0.0.6201 is \n compiled with OpenSSL v1.0.1 and contains ECDSA key support.\n\n To extract the fixes from the tar file:\n\n zcat OpenSSH_6.0.0.6110.tar.Z | tar xvf -\n (or)\n zcat OpenSSH_6.0.0.6201.tar.Z | tar xvf -\n\n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview the fix installation:\n\n installp -apYd . OpenSSH_6.0.0.6110\n (or)\n installp -apYd . OpenSSH_6.0.0.6201\n\n To install the fix package:\n\n installp -aXYd . OpenSSH_6.0.0.6110\n (or) \n installp -aXYd . OpenSSH_6.0.0.6201\n\nV. WORKAROUNDS\n \n No Workarounds.\n \n\nVI. CONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. 
Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/104418\n CVE-2015-5352 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "edition": 4, "modified": "2015-09-04T05:15:17", "published": "2015-09-04T05:15:17", "id": "OPENSSH_ADVISORY5.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssh_advisory5.asc", "title": "AIX OpenSSH Vulnerability", "type": "aix", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:07", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600"], "description": "\n\nIt was discovered that the OpenSSH sshd daemon did not check the\n\t list of keyboard-interactive authentication methods for duplicates.\n\t A remote attacker could use this flaw to bypass the MaxAuthTries\n\t limit, making it easier to perform password guessing attacks.\n\n", "edition": 4, "modified": "2016-08-09T00:00:00", "published": "2015-07-21T00:00:00", "id": "5B74A5BC-348F-11E5-BA05-C80AA9043978", "href": "https://vuxml.freebsd.org/freebsd/5b74a5bc-348f-11e5-ba05-c80aa9043978.html", "title": "OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices", "type": "freebsd", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-5600"], "description": "It's possible to bypass MaxAuthTries restrictions.", "edition": 1, "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "SECURITYVULNS:VULN:14614", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14614", "title": "OpenSSH resreictions bypass", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-5600", "CVE-2014-2653"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: 
SHA512\r\n\r\n=============================================================================\r\nFreeBSD-SA-15:16.openssh Security Advisory\r\n The FreeBSD Project\r\n\r\nTopic: OpenSSH multiple vulnerabilities\r\n\r\nCategory: contrib\r\nModule: openssh\r\nAnnounced: 2015-07-28, revised on 2015-07-30\r\nAffects: All supported versions of FreeBSD.\r\nCorrected: 2015-07-28 19:58:44 UTC (stable/10, 10.2-PRERELEASE)\r\n 2015-07-28 19:58:44 UTC (stable/10, 10.2-BETA2-p2)\r\n 2015-07-28 19:59:04 UTC (releng/10.2, 10.2-RC1-p1)\r\n 2015-07-28 19:59:11 UTC (releng/10.1, 10.1-RELEASE-p16)\r\n 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE)\r\n 2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21)\r\n 2015-07-30 10:09:07 UTC (stable/8, 8.4-STABLE)\r\n 2015-07-30 10:09:31 UTC (releng/8.4, 8.4-RELEASE-p36)\r\nCVE Name: CVE-2014-2653, CVE-2015-5600\r\n\r\nFor general information regarding FreeBSD Security Advisories,\r\nincluding descriptions of the fields above, security branches, and the\r\nfollowing sections, please visit <URL:https://security.FreeBSD.org/>.\r\n\r\n0. Revision history\r\n\r\nv1.0 2015-02-25 Initial release.\r\nv1.1 2015-07-30 Revised patch for FreeBSD 8.x to address regression when\r\n keyboard interactive authentication is used.\r\n\r\nI. Background\r\n\r\nOpenSSH is an implementation of the SSH protocol suite, providing an\r\nencrypted and authenticated transport for a variety of services,\r\nincluding remote shell access.\r\n\r\nThe security of the SSH connection relies on the server authenticating\r\nitself to the client as well as the user authenticating itself to the\r\nserver. SSH servers uses host keys to verify their identity.\r\n\r\nRFC 4255 has defined a method of verifying SSH host keys using Domain\r\nName System Security (DNSSEC), by publishing the key fingerprint using\r\nDNS with "SSHFP" resource record. 
RFC 6187 has defined methods to use\r\na signature by a trusted certification authority to bind a given public\r\nkey to a given digital identity with X.509v3 certificates.\r\n\r\nThe PAM (Pluggable Authentication Modules) library provides a flexible\r\nframework for user authentication and session setup / teardown.\r\n\r\nOpenSSH uses PAM for password authentication by default.\r\n\r\nII. Problem Description\r\n\r\nOpenSSH clients does not correctly verify DNS SSHFP records when a server\r\noffers a certificate. [CVE-2014-2653]\r\n\r\nOpenSSH servers which are configured to allow password authentication\r\nusing PAM (default) would allow many password attempts.\r\n\r\nIII. Impact\r\n\r\nA malicious server may be able to force a connecting client to skip DNS\r\nSSHFP record check and require the user to perform manual host verification\r\nof the host key fingerprint. This could allow man-in-the-middle attack\r\nif the user does not carefully check the fingerprint. [CVE-2014-2653]\r\n\r\nA remote attacker may effectively bypass MaxAuthTries settings, which would\r\nenable them to brute force passwords. [CVE-2015-5600]\r\n\r\nIV. Workaround\r\n\r\nSystems that do not use OpenSSH are not affected.\r\n\r\nThere is no workaround for CVE-2014-2653, but the problem only affects\r\nnetworks where DNSsec and SSHFP is properly configured. Users who uses\r\nSSH should always check server host key fingerprints carefully when\r\nprompted.\r\n\r\nSystem administrators can set:\r\n\r\n\tUsePAM no\r\n\r\nIn their /etc/ssh/sshd_config and restart sshd service to workaround the\r\nproblem described as CVE-2015-5600 at expense of losing features provided\r\nby the PAM framework.\r\n\r\nWe recommend system administrators to disable password based authentication\r\ncompletely, and use key based authentication exclusively in their SSH server\r\nconfiguration, when possible. This would eliminate the possibility of being\r\never exposed to password brute force attack.\r\n\r\nV. 
Solution\r\n\r\nPerform one of the following:\r\n\r\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\r\nrelease / security branch (releng) dated after the correction date.\r\n\r\nSSH service has to be restarted after the update. A reboot is recommended\r\nbut not required.\r\n\r\n2) To update your vulnerable system via a binary patch:\r\n\r\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\r\nplatforms can be updated via the freebsd-update(8) utility:\r\n\r\n# freebsd-update fetch\r\n# freebsd-update install\r\n\r\nSSH service has to be restarted after the update. A reboot is recommended\r\nbut not required.\r\n\r\n3) To update your vulnerable system via a source code patch:\r\n\r\nThe following patches have been verified to apply to the applicable\r\nFreeBSD release branches.\r\n\r\na) Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n[FreeBSD 9.3, 10.1, 10.2]\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh.patch\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh.patch.asc\r\n# gpg --verify openssh.patch.asc\r\n\r\n[FreeBSD 8.4]\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8.patch\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8.patch.asc\r\n# gpg --verify openssh-8.patch.asc\r\n\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patc\r\n# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patch.asc\r\n# gpg --verify openssh-8-errata.patch.asc\r\n\r\nb) Apply the patch. Execute the following commands as root:\r\n\r\n# cd /usr/src\r\n# patch < /path/to/patch\r\n\r\nc) Recompile the operating system using buildworld and installworld as\r\ndescribed in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.\r\n\r\nRestart the SSH service, or reboot the system.\r\n\r\nVI. 
Correction details\r\n\r\nThe following list contains the correction revision numbers for each\r\naffected branch.\r\n\r\nBranch/path Revision\r\n- -------------------------------------------------------------------------\r\nstable/8/ r286067\r\nreleng/8.4/ r286068\r\nstable/9/ r285977\r\nreleng/9.3/ r285980\r\nstable/10/ r285976\r\nreleng/10.1/ r285979\r\nreleng/10.2/ r285978\r\n- -------------------------------------------------------------------------\r\n\r\nTo see which files were modified by a particular revision, run the\r\nfollowing command, replacing NNNNNN with the revision number, on a\r\nmachine with Subversion installed:\r\n\r\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\r\n\r\nOr visit the following URL, replacing NNNNNN with the revision number:\r\n\r\n<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>\r\n\r\nVII. References\r\n\r\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653>\r\n\r\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600>\r\n\r\nThe latest revision of this advisory is available at\r\n<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:16.openssh.asc>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.1.6 
(FreeBSD)\r\n\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-08-02T00:00:00", "published": "2015-08-02T00:00:00", "id": "SECURITYVULNS:DOC:32378", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32378", "title": "FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED]", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-5600"], "description": "USN-2710-1 OpenSSH Vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nOpenSSH\n\n# Versions Affected\n\n * Ubuntu 14.04 \n\n# Description\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation.\n\nMoritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. 
If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code.\n\nJann Horn discovered that OpenSSH incorrectly handled time windows for X connections. A remote attacker could use this issue to bypass certain access restrictions.\n\nIt was discovered that OpenSSH incorrectly handled keyboard-interactive authentication. In a non-default configuration, a remote attacker could possibly use this issue to perform a brute-force password attack.\n\nNote that USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. USN-2710-2 update fixes the problem.\n\nThe Cloud Foundry project released a BOSH stemcell version 3048 and a cflinuxfs2 rootfs stack that have the patched version of OpenSSH.\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * All versions of Cloud Foundry BOSH stemcells prior to 3042 have versions of OpenSSH vulnerable to USN-2710-1. \n * All versions of Cloud Foundry cflinuxfs2 prior to 1.5.0 have versions of OpenSSH vulnerable to USN-2710-1. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcells 3048 or later versions, and cflinuxfs2 version 1.5.0 or later versions. 
\n\n# Credit\n\nMoritz Jodeit and Jann Horn\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2710-1/>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "edition": 5, "modified": "2015-09-08T00:00:00", "published": "2015-09-08T00:00:00", "id": "CFOUNDRY:28883491CAD3C04ED61F2AE814DD1633", "href": "https://www.cloudfoundry.org/blog/usn-2710-1/", "title": "USN-2710-1 OpenSSH Vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "description": "OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.\nThese packages include the core files necessary for both the OpenSSH client\nand server.\n\nIt was discovered that the OpenSSH server did not sanitize data received\nin requests to enable X11 forwarding. An authenticated client with\nrestricted SSH access could possibly use this flaw to bypass intended\nrestrictions. (CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of\nkeyboard-interactive authentication methods for duplicates. A remote\nattacker could use this flaw to bypass the MaxAuthTries limit, making it\neasier to perform password guessing attacks. (CVE-2015-5600)\n\nAll openssh users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing this\nupdate, the OpenSSH server daemon (sshd) will be restarted automatically.\n", "modified": "2018-06-06T20:24:20", "published": "2016-03-21T04:00:00", "id": "RHSA-2016:0466", "href": "https://access.redhat.com/errata/RHSA-2016:0466", "type": "redhat", "title": "(RHSA-2016:0466) Moderate: openssh security update", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564"], "description": "OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver.\n\nA flaw was found in the way OpenSSH handled PAM authentication when using\nprivilege separation. An attacker with valid credentials on the system and\nable to fully compromise a non-privileged pre-authentication process using\na different flaw could use this flaw to authenticate as other users.\n(CVE-2015-6563)\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully\ncompromise a non-privileged pre-authentication process using a different\nflaw could possibly cause sshd to crash or execute arbitrary code with\nroot privileges. (CVE-2015-6564)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of\nkeyboard-interactive authentication methods for duplicates. A remote\nattacker could use this flaw to bypass the MaxAuthTries limit, making it\neasier to perform password guessing attacks. (CVE-2015-5600)\n\nIt was found that the OpenSSH ssh-agent, a program to hold private keys\nused for public key authentication, was vulnerable to password guessing\nattacks. An attacker able to connect to the agent could use this flaw to\nconduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)\n\nThis update fixes the following bugs:\n\n* Previously, the sshd_config(5) man page was misleading and could thus\nconfuse the user. 
This update improves the man page text to clearly\ndescribe the AllowGroups feature. (BZ#1150007)\n\n* The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low. Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug. (BZ#1160377)\n\n* When the ForceCommand option with a pseudoterminal was used and the\nMaxSession option was set to \"2\", multiplexed SSH connections did not work\nas expected. After the user attempted to open a second multiplexed\nconnection, the attempt failed if the first connection was still open. This\nupdate modifies OpenSSH to issue only one audit message per session, and\nthe user is thus able to open two multiplexed connections in this\nsituation. (BZ#1199112)\n\n* The ssh-copy-id utility failed if the account on the remote server did\nnot use an sh-like shell. Remote commands have been modified to run in an\nsh-like shell, and ssh-copy-id now works also with non-sh-like shells.\n(BZ#1201758)\n\n* Due to a race condition between auditing messages and answers when using\nControlMaster multiplexing, one session in the shared connection randomly\nand unexpectedly exited the connection. This update fixes the race\ncondition in the auditing code, and multiplexing connections now work as\nexpected even with a number of sessions created at once. (BZ#1240613)\n\nIn addition, this update adds the following enhancements:\n\n* As not all Lightweight Directory Access Protocol (LDAP) servers possess\na default schema, as expected by the ssh-ldap-helper program, this update\nprovides the user with an ability to adjust the LDAP query to get public\nkeys from servers with a different schema, while the default functionality\nstays untouched. 
(BZ#1201753)\n\n* With this enhancement update, the administrator is able to set\npermissions for files uploaded using Secure File Transfer Protocol (SFTP).\n(BZ#1197989)\n\n* This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted\nby OpenLDAP. (BZ#1184938)\n\n* With this update, the user can selectively disable the Generic Security\nServices API (GSSAPI) key exchange algorithms as any normal key exchange.\n(BZ#1253062)\n\nUsers of openssh are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.", "modified": "2018-04-12T03:33:04", "published": "2015-11-19T19:41:38", "id": "RHSA-2015:2088", "href": "https://access.redhat.com/errata/RHSA-2015:2088", "type": "redhat", "title": "(RHSA-2015:2088) Moderate: openssh security, bug fix, and enhancement update", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:28", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5352", "CVE-2015-6563", "CVE-2015-6564", "CVE-2016-1908"], "description": "OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.\n\nSecurity Fix(es):\n\n* It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2015-5352)\n\n* A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563)\n\n* A use-after-free flaw was found in OpenSSH. 
An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. (CVE-2015-6564)\n\n* An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908)\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.", "modified": "2018-06-06T20:24:16", "published": "2016-05-10T10:42:16", "id": "RHSA-2016:0741", "href": "https://access.redhat.com/errata/RHSA-2016:0741", "type": "redhat", "title": "(RHSA-2016:0741) Moderate: openssh security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:28:43", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2016-3115"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0466\n\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.\nThese packages include the core files necessary for both the OpenSSH client\nand server.\n\nIt was discovered that the OpenSSH server did not sanitize data received\nin requests to enable X11 forwarding. An authenticated client with\nrestricted SSH access could possibly use this flaw to bypass intended\nrestrictions. (CVE-2016-3115)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of\nkeyboard-interactive authentication methods for duplicates. A remote\nattacker could use this flaw to bypass the MaxAuthTries limit, making it\neasier to perform password guessing attacks. 
(CVE-2015-5600)\n\nAll openssh users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the OpenSSH server daemon (sshd) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033783.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-clients\nopenssh-ldap\nopenssh-server\npam_ssh_agent_auth\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0466.html", "edition": 3, "modified": "2016-03-21T22:18:29", "published": "2016-03-21T22:18:29", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033783.html", "id": "CESA-2016:0466", "title": "openssh, pam_ssh_agent_auth security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-12-20T18:27:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5600", "CVE-2015-6564", "CVE-2015-6563"], "description": "**CentOS Errata and Security Advisory** CESA-2015:2088\n\n\nOpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver.\n\nA flaw was found in the way OpenSSH handled PAM authentication when using\nprivilege separation. An attacker with valid credentials on the system and\nable to fully compromise a non-privileged pre-authentication process using\na different flaw could use this flaw to authenticate as other users.\n(CVE-2015-6563)\n\nA use-after-free flaw was found in OpenSSH. An attacker able to fully\ncompromise a non-privileged pre-authentication process using a different\nflaw could possibly cause sshd to crash or execute arbitrary code with\nroot privileges. (CVE-2015-6564)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of\nkeyboard-interactive authentication methods for duplicates. 
A remote\nattacker could use this flaw to bypass the MaxAuthTries limit, making it\neasier to perform password guessing attacks. (CVE-2015-5600)\n\nIt was found that the OpenSSH ssh-agent, a program to hold private keys\nused for public key authentication, was vulnerable to password guessing\nattacks. An attacker able to connect to the agent could use this flaw to\nconduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)\n\nThis update fixes the following bugs:\n\n* Previously, the sshd_config(5) man page was misleading and could thus\nconfuse the user. This update improves the man page text to clearly\ndescribe the AllowGroups feature. (BZ#1150007)\n\n* The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low. Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug. (BZ#1160377)\n\n* When the ForceCommand option with a pseudoterminal was used and the\nMaxSession option was set to \"2\", multiplexed SSH connections did not work\nas expected. After the user attempted to open a second multiplexed\nconnection, the attempt failed if the first connection was still open. This\nupdate modifies OpenSSH to issue only one audit message per session, and\nthe user is thus able to open two multiplexed connections in this\nsituation. (BZ#1199112)\n\n* The ssh-copy-id utility failed if the account on the remote server did\nnot use an sh-like shell. 
Remote commands have been modified to run in an\nsh-like shell, and ssh-copy-id now works also with non-sh-like shells.\n(BZ#1201758)\n\n* Due to a race condition between auditing messages and answers when using\nControlMaster multiplexing, one session in the shared connection randomly\nand unexpectedly exited the connection. This update fixes the race\ncondition in the auditing code, and multiplexing connections now work as\nexpected even with a number of sessions created at once. (BZ#1240613)\n\nIn addition, this update adds the following enhancements:\n\n* As not all Lightweight Directory Access Protocol (LDAP) servers possess\na default schema, as expected by the ssh-ldap-helper program, this update\nprovides the user with an ability to adjust the LDAP query to get public\nkeys from servers with a different schema, while the default functionality\nstays untouched. (BZ#1201753)\n\n* With this enhancement update, the administrator is able to set\npermissions for files uploaded using Secure File Transfer Protocol (SFTP).\n(BZ#1197989)\n\n* This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted\nby OpenLDAP. 
(BZ#1184938)\n\n* With this update, the user can selectively disable the Generic Security\nServices API (GSSAPI) key exchange algorithms as any normal key exchange.\n(BZ#1253062)\n\nUsers of openssh are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/008721.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-clients\nopenssh-keycat\nopenssh-ldap\nopenssh-server\nopenssh-server-sysvinit\npam_ssh_agent_auth\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2088.html", "edition": 3, "modified": "2015-11-30T19:46:33", "published": "2015-11-30T19:46:33", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/008721.html", "id": "CESA-2015:2088", "title": "openssh, pam_ssh_agent_auth security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-12-20T18:26:24", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1908", "CVE-2015-6564", "CVE-2015-5352", "CVE-2015-6563"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0741\n\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.\n\nSecurity Fix(es):\n\n* It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2015-5352)\n\n* A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. 
An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563)\n\n* A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. (CVE-2015-6564)\n\n* An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908)\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-May/009133.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-clients\nopenssh-ldap\nopenssh-server\npam_ssh_agent_auth\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0741.html", "edition": 3, "modified": "2016-05-16T10:19:28", "published": "2016-05-16T10:19:28", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2016-May/009133.html", "id": "CESA-2016:0741", "title": "openssh, pam_ssh_agent_auth security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "symantec": [{"lastseen": "2020-12-24T10:41:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-1692", "CVE-2014-2532", "CVE-2014-2653", "CVE-2014-9278", "CVE-2015-5352", "CVE-2015-5600", "CVE-2015-6563", "CVE-2015-6564", "CVE-2015-6565"], "description": "### SUMMARY\n\nBlue Coat products using affected 
versions of OpenSSH are susceptible to multiple vulnerabilities. An attacker, with access to the management interface, may exploit these vulnerabilities to conduct brute-force password guessing attacks, bypass access restrictions, log in as a different user, achieve privilege escalation, execute arbitrary code, and force SSH clients to skip security checks. The attacker can also cause denial of service due to memory corruption and illegal memory accesses. \n \n\n\n### AFFECTED PRODUCTS\n\nThe following products are vulnerable:\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 \nCVE-2014-2653 | 6.6 | Upgrade to 6.6.3.1. \nCVE-2014-2532 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.3.1. \nCVE-2015-5600, CVE-2015-6563, \nCVE-2015-6564 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.5.1. \n \n \n\n**Content Analysis System (CAS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 \nCVE-2014-2532, CVE-2014-2653 | 1.3 | Upgrade to 1.3.6.1. \n1.1, 1.2 | Upgrade to later release with fixes. \nCVE-2015-6563, CVE-2015-6564 | 1.3 | Upgrade to 1.3.7.1. \n1.1, 1.2 | Upgrade to later release with fixes. \nCVE-2015-5352, CVE-2015-5600 | 1.3 (not vulnerable to known vectors of attack) | Upgrade to 1.3.7.1. \n1.1, 1.2 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532, CVE-2014-2653, \nCVE-2015-5600, CVE-2015-6563, \nCVE-2015-6564 | 6.1 | Upgrade to 6.1.22.1. \n \n \n\n**Mail Threat Defense (MTD)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-6563, CVE-2015-6564 | 1.1 | Not available at this time \nCVE-2015-5600 | 1.1 (not vulnerable to known vectors of attack) | Upgrade to 1.1.2.1. 
\nCVE-2015-5352 | 1.1 (not vulnerable to known vectors of attack) | Not available at this time \n \n \n\n**Malware Analysis Appliance (MAA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532, CVE-2014-2653, \nCVE-2015-5600, CVE-2015-6563, \nCVE-2015-6564 | 4.2 | Upgrade to 4.2.8. \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532, CVE-2014-2653 | 1.5 and later | Not vulnerable, fixed in 1.5.1.1 \n1.4 | Upgrade to later release with fixes. \nCVE-2015-6563, CVE-2015-6564 | 1.6 and later | Not vulnerable, fixed in 1.6.1.1 \n1.4, 1.5 | Upgrade to later release with fixes. \n \n \n\n**Norman Shark Industrial Control System Protection (ICSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5352, CVE-2015-5600, \nCVE-2015-6563, CVE-2015-6564 | 5.4 | Not vulnerable, fixed in 5.4.1 \n5.3 | Upgrade to 5.3.6. \n \n \n\n**Norman Shark Network Protection (NNP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5352, CVE-2015-5600, \nCVE-2015-6563, CVE-2015-6564 | 5.3 | Upgrade to 5.3.6. \n \n \n\n**Norman Shark SCADA Protection (NSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-5352, CVE-2015-5600, \nCVE-2015-6563, CVE-2015-6564 | 5.3 | Upgrade to 5.3.6. \n \n \n\n**PacketShaper (PS) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 11.6 and later | Not vulnerable, fixed in 11.6.1.1 \nCVE-2014-2532, CVE-2015-5600 | 11.5 | Upgrade to 11.5.2.1. \n11.2, 11.3, 11.4 | Upgrade to later release with fixes. \nCVE-2015-6563, CVE-2015-6564 | 11.5 | Upgrade to 11.5.3.2. \n11.2, 11.3, 11.4 | Upgrade to later release with fixes. \n \n \n\n**PolicyCenter (PC) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-6563, CVE-2015-6564 | 1.1 | Upgrade to 1.1.2.2. 
\n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532, CVE-2014-2653 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.3.1. \nCVE-2014-9278 | 10.1 and later | Not vulnerable \nCVE-2015-5352, CVE-2015-5600 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.4.2. \nCVE-2015-6563, CVE-2015-6564 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 | Upgrade to 10.1.4.2. \nAll CVEs | 9.4, 9.5 | Not vulnerable \n \n \n\n**Security Analytics (SA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532 | 7.2 and later | Not vulnerable, fixed in 7.2.1 \n7.1 | Upgrade to 7.1.11. \n7.0 | Upgrade to later release with fixes. \n6.6 | Upgrade to 6.6.12. \nCVE-2014-2653, \nCVE-2015-5600, CVE-2015-6563, \nCVE-2015-6564 | 7.2 and later | Not vulnerable, fixed in 7.2.1 \n7.1 | Upgrade to 7.1.11. \n7.0 | Upgrade to later release with fixes. \n6.6 | Upgrade to 6.6.12. \nCVE-2015-5352 | 7.2 and later | Not vulnerable, fixed in 7.2.1 \n7.1 (not vulnerable to known vectors of attack) | Apply patch RPM available from customer support. \n7.0 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. \n6.6 (not vulnerable to known vectors of attack) | Apply patch RPM available from customer support. \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-6563, CVE-2015-6564 | 3.10 and later | Fixed in 3.10.1.1 \n3.9 | Upgrade to 3.9.3.6. \n3.8.4FC | Upgrade to 3.8.4FC-55. \n3.8 | Upgrade to later release with fixes. 
\n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-2532, CVE-2014-2653, \nCVE-2015-5600, CVE-2015-6563, \nCVE-2015-6564 | 11.0 | Not available at this time \n10.0 | Not available at this time \n9.7 | Not available at this time \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nIn SSL Visibility, the OpenSSH vulnerabilities can be exploited only through the product's management interfaces (web UI, CLD). Limiting the machines, IP addresses and subnets able to reach this physical network port reduces the threat. This reduces the CVSS v2 scores for multiple CVEs. The adjusted CVSS v2 base scores and severity are:\n\n * CVE-2014-2532 - 4.3 (MEDIUM) (AV:A/AC:M/Au:N/C:P/I:P/A:N)\n * CVE-2014-2653 - 4.3 (MEDIUM) (AV:A/AC:M/Au:N/C:P/I:P/A:N)\n * CVE-2015-5352 - 2.9 (LOW) (AV:A/AC:M/Au:N/C:N/I:P/A:N)\n * CVE-2015-5600 - 6.8 (MEDIUM) (AV:A/AC:L/Au:N/C:P/I:N/A:C)\n\nBlue Coat products do not enable or use all functionality within OpenSSH. Products that do not utilize or enable the functionality described in a CVE are not vulnerable to that CVE. However, fixes for those CVEs will be included in the patches that are provided. 
The following products include vulnerable versions of OpenSSH, but do not use the functionality described in the CVEs and are not known to be vulnerable.\n\n * **ASG:** CVE-2014-2532, CVE-2015-5600, CVE-2015-6563, and CVE-2015-6564\n * **CAS:** CVE-2015-5352 and CVE-2015-5600\n * **Director:** CVE-2015-5352\n * **MAA:** CVE-2015-5352\n * **MTD:** CVE-2015-5352 and CVE-2015-5600\n * **MC:** CVE-2015-5352 and CVE-2015-5600\n * **PS S-Series:** CVE-2014-2653 and CVE-2015-5352\n * **PC S-Series:** CVE-2015-5352\n * **Reporter 10.1:** CVE-2014-2532, CVE-2014-2653, CVE-2015-5352, and CVE-2015-5600\n * **Security Analytics:** CVE-2015-5352\n * **SSLV:** CVE-2014-2653, CVE-2015-5352, and CVE-2015-5600\n * **XOS:** CVE-2015-5352\n\nThe following products are not vulnerable: \n**Android Mobile Agent \nAuthConnector \nBCAAA \nBlue Coat HSM Agent for the Luna SP \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nIntelligenceCenter \nIntelligenceCenter Data Collector \nK9 \nPacketShaper \nPolicyCenter \nProxyAV \nProxyAV ConLog and ConLogXP \nProxyClient \nProxySG \nUnified Agent \nWeb Isolation**\n\nBlue Coat no longer provides vulnerability information for the following products:\n\n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP. 
\n \n\n\n### ISSUES\n\n**CVE-2014-1692** \n--- \n**Severity / CVSSv2** | High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 65230](<https://www.securityfocus.com/bid/65230>) / NVD: [CVE-2014-1692](<https://nvd.nist.gov/vuln/detail/CVE-2014-1692>) \n**Impact** | Denial of service, unspecified other impact \n**Description** | A flaw allows an attacker to cause memory corruption, resulting in a denial of service or unspecified other impact. \n \n \n\n**CVE-2014-2532** \n--- \n**Severity / CVSSv2** | Medium / 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n**References** | SecurityFocus: [BID 66355](<https://www.securityfocus.com/bid/66355>) / NVD: [CVE-2014-2532](<https://nvd.nist.gov/vuln/detail/CVE-2014-2532>) \n**Impact** | Security control bypass \n**Description** | A flaw allows an attacker to pass environment variables to a server SSH session and bypass intended environment variable restrictions. \n \n \n\n**CVE-2014-2653** \n--- \n**Severity / CVSSv2** | Medium / 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n**References** | SecurityFocus: [BID 66459](<https://www.securityfocus.com/bid/66459>) / NVD: [CVE-2014-2653](<https://nvd.nist.gov/vuln/detail/CVE-2014-2653>) \n**Impact** | Security control bypass \n**Description** | A flaw allows an attacker to cause SSH clients to skip SSHFP DNS record checks when establishing SSH connections. \n \n \n\n**CVE-2014-9278** \n--- \n**Severity / CVSSv2** | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 71420](<https://www.securityfocus.com/bid/71420>) / NVD: [CVE-2014-9278](<https://nvd.nist.gov/vuln/detail/CVE-2014-9278>) \n**Impact** | Security control bypass \n**Description** | A flaw allows a remote attacker in a Kerberos environment to log in as a different user if changing users is allowed only after local authentication. 
\n \n \n\n**CVE-2015-5352** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 75525](<https://www.securityfocus.com/bid/75525>) / NVD: [CVE-2015-5352](<https://nvd.nist.gov/vuln/detail/CVE-2015-5352>) \n**Impact** | Security control bypass \n**Description** | A flaw allows an attacker to bypass intended time window access restrictions when establishing X11 connections to SSH clients. \n \n \n\n**CVE-2015-5600** \n--- \n**Severity / CVSSv2** | High / 8.5 (AV:N/AC:L/Au:N/C:P/I:N/A:C) \n**References** | SecurityFocus: [BID 75990](<https://www.securityfocus.com/bid/75990>) / NVD: [CVE-2015-5600](<https://nvd.nist.gov/vuln/detail/CVE-2015-5600>) \n**Impact** | Information disclosure \n**Description** | A flaw allows an attacker to conduct brute-force password guessing attacks or cause denial of service in SSH servers that use keyboard interactive authentication. \n \n \n\n**CVE-2015-6563** \n--- \n**Severity / CVSSv2** | Low / 1.9 (AV:L/AC:M/Au:N/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 76317](<https://www.securityfocus.com/bid/76317>) / NVD: [CVE-2015-6563](<https://nvd.nist.gov/vuln/detail/CVE-2015-6563>) \n**Impact** | Privilege escalation \n**Description** | A flaw allows a local attacker with valid user credentials to achieve privilege escalation if the attacker has already compromised a local non-privileged pre-authentication process. \n \n \n\n**CVE-2015-6564** \n--- \n**Severity / CVSSv2** | Medium / 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) \n**References** | SecurityFocus: [BID 76317](<https://www.securityfocus.com/bid/76317>) / NVD: [CVE-2015-6564](<https://nvd.nist.gov/vuln/detail/CVE-2015-6564>) \n**Impact** | Denial of service, privilege escalation \n**Description** | A flaw allows a local attacker to cause the SSH daemon to crash or execute arbitrary code with root privileges if the attacker has already compromised a local non-privileged pre-authentication process. 
\n \n \n\n**CVE-2015-6565** \n--- \n**Severity / CVSSv2** | High / 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) \n**References** | SecurityFocus: [BID 76497](<https://www.securityfocus.com/bid/76497>) / NVD: [CVE-2015-6565](<https://nvd.nist.gov/vuln/detail/CVE-2015-6565>) \n**Impact** | Denial of service, unspecified other impact \n**Description** | A flaw allows a local attacker to cause denial of service or have unspecified other impact through writing to TTY device files. \n \n \n\n### MITIGATION\n\nThese vulnerabilities can be exploited only through the management interfaces for all vulnerable products. Allowing only machines, IP addresses and subnets from a trusted network to access the management interface reduces the threat of exploiting the vulnerabilities.\n\nBy default, Director does not configure its OpenSSH software to accept environment variables from clients or to use keyboard interactive authentication. Customers who leave this default behavior unchanged prevent attacks against Director using CVE-2014-2532 and CVE-2015-5600.\n\nBy default, MAA does not use SSH as a client, does not use SSH in a Kerberos environment, and does not configure its OpenSSH software to use keyboard interactive authentication. Customers who leave this default behavior unchanged prevent attacks against MAA using CVE-2014-2653 and CVE-2015-5600.\n\nBy default, Security Analytics does not use SSH in a Kerberos environment. Also, it does not configure its OpenSSH software to accept environment variables from clients or to use keyboard interactive authentication. Customers who leave this default behavior unchanged prevent attacks against Security Analytics using CVE-2014-2532 and CVE-2015-5600.\n\nBy default, XOS does not use SSH as a client and does not configure its OpenSSH software to accept environment variables from clients or to use keyboard interactive authentication. 
Customers who leave this default behavior unchanged prevent attacks against XOS using CVE-2014-2532, CVE-2014-2653, CVE-2015-5600. \n \n\n\n### REFERENCES\n\nOpenSSH security announcements - <https://www.openssh.com/security.html> \n \n\n\n### REVISION\n\n2020-04-20 Security Analytics 7.3, 8.0, and 8.1 are not vulnerable to CVE-2014-2532. Industrial Control System Protection (ICSP) 5.4 is not vulnerable because a fix is available in 5.4.1. Advisory status moved to Closed. \n2019-10-02 Web Isolation is not vulnerable. \n2019-08-29 Reporter 10.3 and 10.4 have vulnerable versions of OpenSSH for CVE-2014-2532, but are not vulnerable to known vectors of attack. \n2019-01-20 SA 7.3 starting with 7.3.2 and 8.0 are vulnerable to CVE-2014-2532. \n2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-22 PacketShaper S-Series 11.10 is not vulnerable. \n2017-11-06 ASG 6.7 is not vulnerable because a fix is available in 6.7.2.1. \n2017-08-02 SSLV 4.1 is not vulnerable. \n2017-07-24 PacketShaper S-Series 11.9 is not vulnerable. \n2017-07-20 MC 1.10 is not vulnerable. \n2017-06-22 Security Analytics 7.3 is not vulnerable. \n2017-06-05 PacketShaper S-Series 11.8 is not vulnerable. \n2017-05-17 CAS 2.1 is not vulnerable. \n2017-03-06 MC 1.8 is not vulnerable. SSLV 4.0 is not vulnerable. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support. \n2017-02-16 Previously, it was reported that Security Analytics by default is not vulnerable to CVE-2014-2653 because it does not act as an SSH client. Further investigation has shown that Security Analytics acts as an SSH client and is vulnerable to CVE-2014-2653 by default. \n2016-11-29 A fix for Director is available in 6.1.22.1. PacketShaper S-Series 11.7 is not vulnerable. SSLV 3.11 is not vulnerable. \n2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable. 
\n2016-11-08 A fix for all CVEs in ASG is available in 6.6.5.1. \n2016-11-07 SSLV 3.10 is not vulnerable \n2016-09-22 A fix for all CVEs in Reporter 10.1 is available in 10.1.4.2. MC 1.6 and 1.7 are not vulnerable because they have the vulnerability fixes. Further vulnerability fixes for MC 1.4 and 1.5 will not be provided. Please upgrade to the latest MC version with the vulnerability fixes. \n2016-09-01 A fix for SSLV 3.8.4FC is available in 3.8.4FC-55. \n2016-08-12 A fix for all CVEs in CAS 1.3 is available in 1.3.7.1. Security Analytics 7.2 is not vulnerable. \n2016-06-30 PacketShaper S-Series is not vulnerable. \n2016-06-28 Fixed typos in Affected Products, Advisory Details, and Patches sections. \n2016-06-27 Fixes will not be provided for PacketShaper S-Series 11.2, 11.3, and 11.4. Please upgrade to a later version with the vulnerability fixes. \n2016-06-24 A fix for CVE-2014-2653 in PS S-Series is available in 11.5.2.1. A fix for all CVEs in PS S-Series is available in 11.5.3.2. A fix for PC S-Series is available in 1.1.2.2. \n2016-06-22 A fix for CVE-2014-2532 is available in ASG 6.6.3.1. \n2016-06-22 Previously, it was reported that ASG 6.6 is not vulnerable to CVE-2014-2532, CVE-2015-5600, CVE-2015-6563, and CVE-2015-6564. Further investigation has shown that ASG 6.6 has a vulnerable version of OpenSSH for multiple CVEs, but is not vulnerable to known vectors of attack. \n2016-06-16 PC S-Series is vulnerable to CVE-2015-6563 and CVE-2015-6564. It also has vulnerable code for CVE-2015-5352, but is not vulnerable to known vectors of attack. A fix is not available at this time. \n2016-06-14 A fix for SA 7.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2016-06-13 Fixes for ICSP, NNP, and NSP are available in 5.3.6. \n2016-05-26 Fixes for CVE-2015-5352 in Security Analytics 6.6 and 7.1 are available through patch RPMs from Blue Coat Support. 
\n2016-05-19 Fixes for all CVEs except CVE-2015-5352 are available in Security Analytics 6.6.12 and 7.1.11. \n2016-05-11 No Cloud Data Protection products are vulnerable. \n2016-04-27 A fix for CVE-2015-5600 in MTD 1.1 is available in 1.1.2.1. \n2016-04-24 MTD 1.1 is vulnerable to CVE-2015-6563 and CVE-2015-6564. It also has vulnerable code for CVE-2015-5352 and CVE-2015-5600, but is not vulnerable to known vectors of attack. \n2016-04-22 It was previously reported that Security Analytics 6.6, 7.0, and 7.1 are vulnerable to CVE-2014-9278, and that Reporter 10.1 has vulnerable code for CVE-2014-9278. New information indicates that SA and Reporter are not vulnerable to this CVE. \n2016-04-19 Fixes for CVE-2014-2532 and CVE-2015-5600 in PS S-Series 11.5 are available in 11.5.2.1. \n2016-04-15 Fixes will not be provided for CAS 1.1 and 1.2. Please upgrade to a later version with the vulnerability fixes. \n2016-03-14 A fix for CVE-2014-2532 and CVE-2014-2653 in CAS 1.3 is available in 1.3.6.1. \n2016-03-10 A fix for MAA 4.2 is available in 4.2.8. It was previously reported that MAA 4.2 is vulnerable to CVE-2014-9278, but further investigation has shown that it is not vulnerable to that CVE. \n2016-03-04 A fix for CVE-2014-2532 and CVE-2014-2653 is available in Reporter 10.1.3.1. \n2016-01-21 A fix for SSLV 3.9 is available. \n2016-01-15 A fix for SSLV 3.8 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2015-12-22 MC 1.5 contains fixes for CVE-2014-2532 and CVE-2014-2653. It is vulnerable to or has vulnerable code for other CVEs, and fixes are pending. \n2015-12-21 CAS, Director, MAA, MC, PacketShaper, Reporter 10.1, Security Analytics, SSLV, and XOS have vulnerable OpenSSH software, but do not use the vulnerable functionality and are not known to be vulnerable. The vulnerable software will be patched in future releases. \n2015-12-10 Security Analytics 6.6, 7.0, and 7.1 are vulnerable. 
\n2015-12-09 initial public release\n", "modified": "2020-04-20T19:43:02", "published": "2015-12-08T08:00:00", "id": "SMNTC-1337", "href": "", "type": "symantec", "title": "SA104 : OpenSSH Vulnerabilities", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}]}