CVE-2018-15473

Опубликовано: 17 авг. 2018

Источник: nvd

CVSS3: 5.3

CVSS3: 5.9

CVSS2: 5

EPSS Критический

Описание

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Ссылки

http://www.openwall.com/lists/oss-security/2018/08/15/5
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/105140
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041487
Broken Link
Patch
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0711
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2143
Third Party Advisory
https://bugs.debian.org/906236
Issue Tracking
Mailing List
Patch
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Patch
Third Party Advisory
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
Patch
https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html
Mailing List
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
Third Party Advisory
https://security.gentoo.org/glsa/201810-03
Third Party Advisory
https://security.netapp.com/advisory/ntap-20181101-0001/
Third Party Advisory
https://usn.ubuntu.com/3809-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4280
Third Party Advisory
https://www.exploit-db.com/exploits/45210/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45233/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45939/
Exploit
Third Party Advisory
VDB Entry
https://www.oracle.com/security-alerts/cpujan2020.html
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/08/15/5
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/105140
Broken Link
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Версия до 7.7 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*

Версия от 9.4 (включая)

cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*

Версия от 7.2 (включая)

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

Конфигурация 7

Одновременно

cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*

Версия от 7.2 (включая)

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:vsphere:*:*

Версия от 7.2 (включая)

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Конфигурация 9

cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*

Версия до 3.2.7 (исключая)

cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.90356

Критический

5.3 Medium

CVSS3

5.9 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2018-15473

CVSS3: 5.3

ubuntu

больше 7 лет назад

CVE-2018-15473

CVSS3: 5.3

redhat

больше 7 лет назад

CVE-2018-15473

CVSS3: 5.3

debian

больше 7 лет назад

OpenSSH through 7.7 is prone to a user enumeration vulnerability due t ...

openSUSE-SU-2021:1390-1

suse-cvrf

больше 4 лет назад

Security update for ssh-audit

openSUSE-SU-2021:1383-1

suse-cvrf

больше 4 лет назад

Security update for ssh-audit

EPSS

Процентиль: 100%

0.90356

Критический

5.3 Medium

CVSS3

5.9 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-362