Описание
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.
Отчет
This issue does not affect the default OpenSSH sshd configuration in Red Hat Enterprise Linux 4, 5, 6 and 7.
Меры по смягчению последствий
This issue can be mitigated by disabling keyboard-interactive authentication method. That can be achieved by setting "ChallengeResponseAuthentication no" in the /etc/ssh/sshd_config configuration file and restarting the sshd service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | openssh | Will not fix | ||
| Red Hat Enterprise Linux 5 | openssh | Will not fix | ||
| Red Hat Enterprise Linux 6 | openssh | Fixed | RHSA-2016:0466 | 21.03.2016 |
| Red Hat Enterprise Linux 7 | openssh | Fixed | RHSA-2015:2088 | 19.11.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH th ...
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
Уязвимость функции kbdint_next_device() службы sshd средства криптографической защиты OpenSSH, позволяющая нарушителю реализовать атаку методом «грубой силы» (brute force) или вызвать отказ в обслуживании
EPSS
4.3 Medium
CVSS2