ELSA-2016-3531

Published: 03 Apr 2016
Source: oracle-oval
Platform: Oracle Linux 5

Description

ELSA-2016-3531: openssh security update (IMPORTANT)

[4.3p2-82.0.2]

  • CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (John Haxby) [orabug 22985024]
  • CVE-2016-3115: missing sanitisation of input for X11 forwarding (John Haxby) [orabug 22985024]

Updated packages

Oracle Linux 5

Oracle Linux ia64

  • openssh: 4.3p2-82.0.2.el5
  • openssh-askpass: 4.3p2-82.0.2.el5
  • openssh-clients: 4.3p2-82.0.2.el5
  • openssh-server: 4.3p2-82.0.2.el5

Oracle Linux x86_64

  • openssh: 4.3p2-82.0.2.el5
  • openssh-askpass: 4.3p2-82.0.2.el5
  • openssh-clients: 4.3p2-82.0.2.el5
  • openssh-server: 4.3p2-82.0.2.el5

Oracle Linux i386

  • openssh: 4.3p2-82.0.2.el5
  • openssh-askpass: 4.3p2-82.0.2.el5
  • openssh-clients: 4.3p2-82.0.2.el5
  • openssh-server: 4.3p2-82.0.2.el5

Related CVEs

Related vulnerabilities

oracle-oval
more than 9 years ago

ELSA-2016-0466: openssh security update (MODERATE)

ubuntu
about 10 years ago

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

redhat
about 10 years ago

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

nvd
about 10 years ago

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

debian
about 10 years ago

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH th ...