what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2016-6515

Status Candidate

Overview

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Related Files

HPE Security Bulletin HPESBHF03779 1
Posted Oct 24, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03779 1 - A remotely exploitable denial of service vulnerability has been identified in HPE Fabric OS (FOS) running OpenSSH. This impacts versions prior to FOS v7.4.2. Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2016-6515
MD5 | 5670c20018dc87ce4fd0d8b1f48d98a6
Red Hat Security Advisory 2017-2029-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2029-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh. Security Fix: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses.

tags | advisory, remote, protocol
systems | linux, redhat, unix
advisories | CVE-2016-10009, CVE-2016-10011, CVE-2016-10012, CVE-2016-6210, CVE-2016-6515
MD5 | 4f8a28af393580faadbb14af7cbc682c
OpenSSH 7.2 Denial Of Service
Posted Dec 8, 2016
Authored by Kashinath T | Site secpod.com

OpenSSH versions 7.2 and below crypt CPU consumption denial of service exploit.

tags | exploit, denial of service
advisories | CVE-2016-6515
MD5 | 0a051cacab2762d1fb6cc71ecb210afc
Ubuntu Security Notice USN-3061-1
Posted Aug 15, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3061-1 - Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could perform a timing attack and enumerate valid users. Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did not limit password lengths. A remote attacker could use this issue to cause OpenSSH to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-6210, CVE-2016-6515
MD5 | 6cd4c17a7cea97f346989d636afe8d94
Page 1 of 1
Back1Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close