ELSA-2016-0466

Published: 21 Mar 2016
Source: oracle-oval
Platform: Oracle Linux 6

Description

ELSA-2016-0466: openssh security update (MODERATE)

[5.3p1-114]

  • CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (#1245969)

[5.3p1-113]

  • CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317816)

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • openssh: 5.3p1-114.el6_7
  • openssh-askpass: 5.3p1-114.el6_7
  • openssh-clients: 5.3p1-114.el6_7
  • openssh-ldap: 5.3p1-114.el6_7
  • openssh-server: 5.3p1-114.el6_7
  • pam_ssh_agent_auth: 0.9.3-114.el6_7

Oracle Linux i686

  • openssh: 5.3p1-114.el6_7
  • openssh-askpass: 5.3p1-114.el6_7
  • openssh-clients: 5.3p1-114.el6_7
  • openssh-ldap: 5.3p1-114.el6_7
  • openssh-server: 5.3p1-114.el6_7
  • pam_ssh_agent_auth: 0.9.3-114.el6_7

Related CVEs

Related vulnerabilities

oracle-oval
more than 9 years ago

ELSA-2016-3531: openssh security update (IMPORTANT)

ubuntu
about 10 years ago

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

redhat
about 10 years ago

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

nvd
about 10 years ago

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

debian
about 10 years ago

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH th ...