ID

VAR-201508-0112


CVE

CVE-2015-6563


TITLE

OpenBSD Run on other platforms OpenSSH of sshd Vulnerabilities that allow spoofing attacks in the monitor component

Trust: 0.8

sources: JVNDB: JVNDB-2015-004403

DESCRIPTION

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. OpenSSH (OpenBSD Secure Shell) is a set of connection tools maintained by the OpenBSD project group for secure access to remote computers. This tool is an open source implementation of the SSH protocol, which supports encryption of all transmissions and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. A remote code execution vulnerability exists in OpenSSH. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may cause a denial of service. Failed exploit attempts may result in denial-of-service conditions. There is a security vulnerability in the monitor component in the sshd of OpenSSH 6.9 and earlier versions based on non-OpenBSD platforms. The vulnerability is caused by the program incorrectly receiving the external username data in the MONITOR_REQ_PAM_INIT_CTX request. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address the following: Accelerate Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29 and 5.4.45. These were addressed by updating PHP to versions 5.5.29 and 5.4.45. CVE-ID CVE-2015-0235 CVE-2015-0273 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 ATS Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in ATS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team Audio Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code Description: An uninitialized memory issue existed in coreaudiod. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-7003 : Mark Brand of Google Project Zero Audio Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Playing a malicious audio file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of audio files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5933 : Apple CVE-2015-5934 : Apple Bom Available for: OS X El Capitan 10.11 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd of Azimuth Security CFNetwork Available for: OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple CoreText Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero EFI Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: An attacker can exercise unused EFI functions Description: An issue existed with EFI argument handling. This was addressed by removing the affected functions. CVE-ID CVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of The MITRE Corporation, coordinated via CERT/CC File Bookmark Available for: OS X El Capitan 10.11 Impact: Browsing to a folder with malformed bookmarks may cause unexpected application termination Description: An input validation issue existed in parsing bookmark metadata. This issue was addressed through improved validation checks. CVE-ID CVE-2015-6987 : Luca Todesco (@qwertyoruiop) FontParser Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team FontParser Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team Grand Central Dispatch Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Drivers Available for: OS X El Capitan 10.11 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: Multiple out of bounds read issues existed in the NVIDIA graphics driver. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7019 : Ian Beer of Google Project Zero CVE-2015-7020 : Moony Li of Trend Micro Graphics Drivers Available for: OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7021 : Moony Li of Trend Micro ImageIO Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues were addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5938 : Apple ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues were addressed through improved metadata validation. CVE-ID CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: OS X Yosemite v10.10.5 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in the validation of Mach tasks. This issue was addressed through improved Mach task validation. CVE-ID CVE-2015-5932 : Luca Todesco (@qwertyoruiop), Filippo Bigarella Kernel Available for: OS X El Capitan 10.11 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: OS X El Capitan 10.11 Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. libarchive Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: A malicious application may be able to overwrite arbitrary files Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-ID CVE-2015-6984 : Christopher Crone of Infinit, Jonathan Schleifer MCX Application Restrictions Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: A developer-signed executable may acquire restricted entitlements Description: An entitlement validation issue existed in Managed Configuration. A developer-signed app could bypass restrictions on use of restricted entitlements and elevate privileges. This issue was addressed through improved provisioning profile validation. CVE-ID CVE-2015-7016 : Apple Net-SNMP Available for: OS X El Capitan 10.11 Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple issues existed in netsnmp version 5.6. These issues were addressed by using patches affecting OS X from upstream. CVE-ID CVE-2012-6151 CVE-2014-3565 OpenGL Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple OpenSSH Available for: OS X El Capitan 10.11 Impact: A local user may be able to conduct impersonation attacks Description: A privilege separation issue existed in PAM support. This issue was addressed with improved authorization checks. CVE-ID CVE-2015-6563 : Moritz Jodeit of Blue Frost Security GmbH Sandbox Available for: OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An input validation issue existed when handling NVRAM parameters. This issue was addressed through improved validation. CVE-ID CVE-2015-5945 : Rich Trouton (@rtrouton), Howard Hughes Medical Institute, Apple Script Editor Available for: OS X El Capitan 10.11 Impact: An attacker may trick a user into running arbitrary AppleScript Description: In some circumstances, Script Editor did not ask for user confirmation before executing AppleScripts. This issue was addressed by prompting for user confirmation before executing AppleScripts. CVE-ID CVE-2015-7007 : Joe Vennix of Rapid7 Security Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team SecurityAgent Available for: OS X El Capitan 10.11 Impact: A malicious application can programmatically control keychain access prompts Description: A method existed for applications to create synthetic clicks on keychain prompts. This was addressed by disabling synthetic clicks for keychain access windows. CVE-ID CVE-2015-5943 Installation note: OS X El Capitan v10.11.1 includes the security content of Safari 9.0.1: https://support.apple.com/kb/HT205377 OS X El Capitan 10.11.1 and Security Update 2015-007 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKsAAoJEBcWfLTuOo7t8e0P/igVHKDXeLNib2eEzbS2BMVV Ee968BgEDw1xnHK8zzh3bbRNxxAUT9lwe8RuSYECfp8sUYySb51/VIWpmidewsqB az7mJ4Gohldppejc5tykHDoTYesQL7iySLn74PdxZfZXbtz2EGJK19cA6hIHcO5x ZiMCbJzTaAOylKRQRRi3kMdNWEzxbtm90247vNx/zMSjs1bhGlQbJsCVDmX/Q9uH Xja9aPCHDfaQueTw5idbXwT+Y/+I9ytBlL5JXVrjRUDYCtuewC4DNsQxZY0qcDyE A7/0G7iYW5vOECNhpoLA0+1MbdHxJXhwJtmIKX8zucYqe/Vr4j41oGey/HJW55ER USJ2RBpMtGhDEolyvxz7FlSPYOIpp05mwMB0GWQWAmkWDAxnagkQm9xwKBMt4eq4 CNdI0YaX0iPPWYIkI3HpZHdzuwbE5b053cw1hLKc0OVQBiqLUQxe3W5s64ZqTSe0 whlm9lt/9EUwyfXHEiXTYi/d+CF8+JthY4ieXRJ4mwz77udafmgA5Pbl71SqB8pE 7TBByuCOFdou6JmdJPahLDxoGRA+i7Z+a8Myn4WtbemkjrO9iZ/VsdAdl/Db+7cz rEgSPjelEC5z5WxQspiuohxU1NkDnMgWm2Tnx+pFBOfZMheE4xnTfve3vqY+gQdN 4GbuRXld4PbxeDdel0Nk =snJ4 -----END PGP SIGNATURE----- . 6) - i386, x86_64 3. Security Fix(es): * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2015-6564) * An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2015:2088-06 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2088.html Issue date: 2015-11-19 CVE Names: CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 ===================================================================== 1. Summary: Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563) A use-after-free flaw was found in OpenSSH. (CVE-2015-6564) It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600) It was found that the OpenSSH ssh-agent, a program to hold private keys used for public key authentication, was vulnerable to password guessing attacks. An attacker able to connect to the agent could use this flaw to conduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238) This update fixes the following bugs: * Previously, the sshd_config(5) man page was misleading and could thus confuse the user. This update improves the man page text to clearly describe the AllowGroups feature. (BZ#1150007) * The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low. Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug. (BZ#1160377) * When the ForceCommand option with a pseudoterminal was used and the MaxSession option was set to "2", multiplexed SSH connections did not work as expected. After the user attempted to open a second multiplexed connection, the attempt failed if the first connection was still open. This update modifies OpenSSH to issue only one audit message per session, and the user is thus able to open two multiplexed connections in this situation. (BZ#1199112) * The ssh-copy-id utility failed if the account on the remote server did not use an sh-like shell. Remote commands have been modified to run in an sh-like shell, and ssh-copy-id now works also with non-sh-like shells. (BZ#1201758) * Due to a race condition between auditing messages and answers when using ControlMaster multiplexing, one session in the shared connection randomly and unexpectedly exited the connection. This update fixes the race condition in the auditing code, and multiplexing connections now work as expected even with a number of sessions created at once. (BZ#1240613) In addition, this update adds the following enhancements: * As not all Lightweight Directory Access Protocol (LDAP) servers possess a default schema, as expected by the ssh-ldap-helper program, this update provides the user with an ability to adjust the LDAP query to get public keys from servers with a different schema, while the default functionality stays untouched. (BZ#1201753) * With this enhancement update, the administrator is able to set permissions for files uploaded using Secure File Transfer Protocol (SFTP). (BZ#1197989) * This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted by OpenLDAP. (BZ#1184938) * With this update, the user can selectively disable the Generic Security Services API (GSSAPI) key exchange algorithms as any normal key exchange. (BZ#1253062) Users of openssh are advised to upgrade to these updated packages, which correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1125110 - pam_namespace usage is not consistent across system-wide PAM configuration 1160377 - sftp is failing using wildcards and many files 1178116 - Default selinux policy prevents ssh-ldap-helper from connecting to LDAP server 1181591 - No Documentation= line in the sshd.service file 1184938 - Provide LDIF version of LPK schema 1187597 - sshd -T does not show all (default) options, inconsistency 1197666 - ssh client using HostbasedAuthentication aborts in FIPS mode 1197989 - RFE: option to let openssh/sftp force the exact permissions on newly uploaded files 1238238 - openssh: weakness of agent locking (ssh-add -x) to password guessing 1245969 - CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices 1252844 - CVE-2015-6563 openssh: Privilege separation weakness related to PAM support 1252852 - CVE-2015-6564 openssh: Use-after-free bug related to PAM support 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm aarch64: openssh-6.6.1p1-22.el7.aarch64.rpm openssh-clients-6.6.1p1-22.el7.aarch64.rpm openssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm openssh-keycat-6.6.1p1-22.el7.aarch64.rpm openssh-server-6.6.1p1-22.el7.aarch64.rpm ppc64: openssh-6.6.1p1-22.el7.ppc64.rpm openssh-askpass-6.6.1p1-22.el7.ppc64.rpm openssh-clients-6.6.1p1-22.el7.ppc64.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm openssh-keycat-6.6.1p1-22.el7.ppc64.rpm openssh-server-6.6.1p1-22.el7.ppc64.rpm ppc64le: openssh-6.6.1p1-22.el7.ppc64le.rpm openssh-askpass-6.6.1p1-22.el7.ppc64le.rpm openssh-clients-6.6.1p1-22.el7.ppc64le.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm openssh-keycat-6.6.1p1-22.el7.ppc64le.rpm openssh-server-6.6.1p1-22.el7.ppc64le.rpm s390x: openssh-6.6.1p1-22.el7.s390x.rpm openssh-askpass-6.6.1p1-22.el7.s390x.rpm openssh-clients-6.6.1p1-22.el7.s390x.rpm openssh-debuginfo-6.6.1p1-22.el7.s390x.rpm openssh-keycat-6.6.1p1-22.el7.s390x.rpm openssh-server-6.6.1p1-22.el7.s390x.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: openssh-askpass-6.6.1p1-22.el7.aarch64.rpm openssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm openssh-ldap-6.6.1p1-22.el7.aarch64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.aarch64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.aarch64.rpm ppc64: openssh-debuginfo-6.6.1p1-22.el7.ppc.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm openssh-ldap-6.6.1p1-22.el7.ppc64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.ppc64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc64.rpm ppc64le: openssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm openssh-ldap-6.6.1p1-22.el7.ppc64le.rpm openssh-server-sysvinit-6.6.1p1-22.el7.ppc64le.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc64le.rpm s390x: openssh-debuginfo-6.6.1p1-22.el7.s390.rpm openssh-debuginfo-6.6.1p1-22.el7.s390x.rpm openssh-ldap-6.6.1p1-22.el7.s390x.rpm openssh-server-sysvinit-6.6.1p1-22.el7.s390x.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.s390.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.s390x.rpm x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5600 https://access.redhat.com/security/cve/CVE-2015-6563 https://access.redhat.com/security/cve/CVE-2015-6564 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWTj/BXlSAg2UNWIIRAgIEAJ4+Nlu4NsYtiDloNVrVn2F/vT/9kACdEHqE h3XwDOy3+OSs/h1DEpVBtV0= =x/s+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201512-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSH: Multiple vulnerabilities Date: December 20, 2015 Bugs: #553724, #555518, #557340 ID: 201512-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Please review the CVE identifiers referenced below for details. Impact ====== Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSH users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.9_p1-r2" References ========== [ 1 ] CVE-2015-5352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5352 [ 2 ] CVE-2015-5600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5600 [ 3 ] CVE-2015-6563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6563 [ 4 ] CVE-2015-6564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6564 [ 5 ] CVE-2015-6565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6565 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201512-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.97

sources: NVD: CVE-2015-6563 // JVNDB: JVNDB-2015-004403 // CNNVD: CNNVD-201508-115 // BID: 76317 // VULHUB: VHN-84524 // VULMON: CVE-2015-6563 // PACKETSTORM: 134055 // PACKETSTORM: 136959 // PACKETSTORM: 134475 // PACKETSTORM: 135009

AFFECTED PRODUCTS

vendor:openbsdmodel:opensshscope:lteversion:6.9

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.11.0

Trust: 1.0

vendor:openbsdmodel:opensshscope:ltversion:7.0

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11.0

Trust: 0.6

vendor:junipermodel:nsmexpressscope:eqversion: -

Trust: 0.3

vendor:pexipmodel:infinityscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.4

Trust: 0.3

vendor:junipermodel:nsm3000scope:eqversion: -

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.3

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:7.9.0.0

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.3.0.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.09

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.211

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.13

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:6.5

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.08

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.8

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.214

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.4

Trust: 0.3

vendor:pexipmodel:infinityscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.1.0.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.19

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:ibmmodel:security identity manager virtual appliancescope:eqversion:7.0.1.3

Trust: 0.3

vendor:ibmmodel:security privileged identity managerscope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.0.410

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.08

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.24

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.3

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.4.0.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:pexipmodel:infinityscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.10

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.213

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.403

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:5.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.219

Trust: 0.3

vendor:ibmmodel:storwizescope:eqversion:v3500-

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.113

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.2.0.4

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:6.6

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.4

Trust: 0.3

vendor:pexipmodel:infinityscope:eqversion:3.0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.11

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.2

Trust: 0.3

vendor:pexipmodel:infinityscope:neversion:10.1

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:6.4

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.22

Trust: 0.3

vendor:ibmmodel:security identity manager virtual appliancescope:eqversion:7.0.0.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.404

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:5.7

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.010

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.22

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.4.0

Trust: 0.3

vendor:junipermodel:nsm4000scope:eqversion:0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.110

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.413

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.1

Trust: 0.3

vendor:pexipmodel:infinityscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.2

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.2.0.0

Trust: 0.3

vendor:ibmmodel:storwizescope:eqversion:v3700-

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:storwizescope:eqversion:v5000-

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.36

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.401

Trust: 0.3

vendor:ibmmodel:san volume controllerscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:5.8

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.21

Trust: 0.3

vendor:ibmmodel:security identity manager virtual appliancescope:eqversion:7.0.0.3

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.4

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1165239scope: - version: -

Trust: 0.3

vendor:pexipmodel:infinityscope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:security identity manager virtual appliancescope:eqversion:7.0.0.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.4

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:5.5

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ibmmodel:security privileged identity manager fixpackscope:neversion:2.0.28

Trust: 0.3

vendor:ibmmodel:storwizescope:eqversion:v7000

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.44

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.5.0.0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.12

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.12

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.400

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.2h968406scope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.46

Trust: 0.3

vendor:ibmmodel:security identity manager virtual appliancescope:eqversion:7.0.0.2

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.4

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:6.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.26

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.415

Trust: 0.3

vendor:oraclemodel:solaris sruscope:neversion:11.35.6

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.412

Trust: 0.3

vendor:ibmmodel:security identity manager virtual appliancescope:eqversion:7.0.1.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.405

Trust: 0.3

vendor:opensshmodel:opensshscope:neversion:7.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.4.0.4

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.3.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:6.9

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:6.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:neversion:7.6.406-3402.103

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.21

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.09

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.14

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.0

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2015

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:5.4

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:pexipmodel:infinityscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.218

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:5.6

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1157986scope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.42

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.11

Trust: 0.3

vendor:ibmmodel:security identity manager virtual appliancescope:eqversion:7.0.1.1

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:opensshmodel:opensshscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.3.0.4

Trust: 0.3

vendor:pexipmodel:infinityscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.0.411

Trust: 0.3

vendor:pexipmodel:infinityscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:security identity governance and intelligencescope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.9

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.402

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.4.01

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

sources: BID: 76317 // JVNDB: JVNDB-2015-004403 // CNNVD: CNNVD-201508-504 // NVD: CVE-2015-6563

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6563
value: LOW

Trust: 1.0

NVD: CVE-2015-6563
value: LOW

Trust: 0.8

CNNVD: CNNVD-201508-504
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84524
value: LOW

Trust: 0.1

VULMON: CVE-2015-6563
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-6563
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-84524
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84524 // VULMON: CVE-2015-6563 // JVNDB: JVNDB-2015-004403 // CNNVD: CNNVD-201508-504 // NVD: CVE-2015-6563

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-84524 // JVNDB: JVNDB-2015-004403 // NVD: CVE-2015-6563

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-115

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201508-115

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004403

PATCH

title:APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007url:http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

Trust: 0.8

title:HT205375url:https://support.apple.com/en-us/HT205375

Trust: 0.8

title:HT205375url:https://support.apple.com/ja-jp/HT205375

Trust: 0.8

title:Don't resend username to PAM; it already has it.url:https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b

Trust: 0.8

title:release-7.0url:http://www.openssh.com/txt/release-7.0

Trust: 0.8

title:OpenSSH sshd monitor Fixes for component input validation vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=90847

Trust: 0.6

title:Red Hat: Moderate: openssh security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152088 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2015-6563url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-6563

Trust: 0.1

title:Debian CVElist Bug Report Logs: openssh: CVE-2015-6563 CVE-2015-6564url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=73eb91ff53511af2767cd29878bd74dc

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-592url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-592

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-625url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-625

Trust: 0.1

title:Symantec Security Advisories: SA104 : OpenSSH Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=b643e473a764678a8d1ded300d5699b6

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=83bbd91f8369c8f064e6d68dac68400f

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8

Trust: 0.1

title:manual-detectionurl:https://github.com/CyCognito/manual-detection

Trust: 0.1

title:DC-2-Vulnhub-Walkthroughurl:https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough

Trust: 0.1

title:DC-1-Vulnhub-Walkthroughurl:https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough

Trust: 0.1

sources: VULMON: CVE-2015-6563 // JVNDB: JVNDB-2015-004403 // CNNVD: CNNVD-201508-504

EXTERNAL IDS

db:NVDid:CVE-2015-6563

Trust: 3.3

db:BIDid:76317

Trust: 2.7

db:SIEMENSid:SSA-412672

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2015/08/22/1

Trust: 1.8

db:JVNid:JVNVU92655282

Trust: 0.8

db:JVNDBid:JVNDB-2015-004403

Trust: 0.8

db:CNNVDid:CNNVD-201508-504

Trust: 0.7

db:CNNVDid:CNNVD-201508-115

Trust: 0.6

db:JUNIPERid:JSA10774

Trust: 0.3

db:VULHUBid:VHN-84524

Trust: 0.1

db:ICS CERTid:ICSA-22-349-21

Trust: 0.1

db:VULMONid:CVE-2015-6563

Trust: 0.1

db:PACKETSTORMid:134055

Trust: 0.1

db:PACKETSTORMid:136959

Trust: 0.1

db:PACKETSTORMid:134475

Trust: 0.1

db:PACKETSTORMid:135009

Trust: 0.1

sources: VULHUB: VHN-84524 // VULMON: CVE-2015-6563 // BID: 76317 // JVNDB: JVNDB-2015-004403 // PACKETSTORM: 134055 // PACKETSTORM: 136959 // PACKETSTORM: 134475 // PACKETSTORM: 135009 // CNNVD: CNNVD-201508-115 // CNNVD: CNNVD-201508-504 // NVD: CVE-2015-6563

REFERENCES

url:http://www.securityfocus.com/bid/76317

Trust: 3.0

url:http://www.openssh.com/txt/release-7.0

Trust: 2.1

url:http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Trust: 2.1

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Trust: 2.1

url:https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b

Trust: 2.1

url:https://security.gentoo.org/glsa/201512-04

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2016-0741.html

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20180201-0002/

Trust: 1.8

url:https://support.apple.com/ht205375

Trust: 1.8

url:https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-august/165170.html

Trust: 1.8

url:http://seclists.org/fulldisclosure/2015/aug/54

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2015/08/22/1

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6563

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92655282/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6563

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-6563

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2015-6563

Trust: 0.3

url:https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7

Trust: 0.3

url:http://www.openssh.com

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10774&actp=rss

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/openssh_advisory6.asc

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024087

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024669

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1021524

Trust: 0.3

url:http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-08-21.pdf

Trust: 0.3

url:https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009325

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21987978

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21988706

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21990741

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21992927

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-6564

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-6564

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5352

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5600

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2015:2088

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=41651

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5936

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6836

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5924

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6834

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5944

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6837

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5940

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5933

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5939

Trust: 0.1

url:https://support.apple.com/kb/ht205377

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5934

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6835

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6151

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6974

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0273

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5937

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5932

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.8_release_notes/index.html

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.8_technical_notes/index.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5352

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1908

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1908

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2015-2088.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5600

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5352

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6565

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6565

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5600

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6563

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6564

Trust: 0.1

sources: VULHUB: VHN-84524 // VULMON: CVE-2015-6563 // BID: 76317 // JVNDB: JVNDB-2015-004403 // PACKETSTORM: 134055 // PACKETSTORM: 136959 // PACKETSTORM: 134475 // PACKETSTORM: 135009 // CNNVD: CNNVD-201508-115 // CNNVD: CNNVD-201508-504 // NVD: CVE-2015-6563

CREDITS

Moritz Jodeit

Trust: 0.9

sources: BID: 76317 // CNNVD: CNNVD-201508-115

SOURCES

db:VULHUBid:VHN-84524
db:VULMONid:CVE-2015-6563
db:BIDid:76317
db:JVNDBid:JVNDB-2015-004403
db:PACKETSTORMid:134055
db:PACKETSTORMid:136959
db:PACKETSTORMid:134475
db:PACKETSTORMid:135009
db:CNNVDid:CNNVD-201508-115
db:CNNVDid:CNNVD-201508-504
db:NVDid:CVE-2015-6563

LAST UPDATE DATE

2024-11-23T21:25:42.777000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-84524date:2022-12-13T00:00:00
db:VULMONid:CVE-2015-6563date:2022-12-13T00:00:00
db:BIDid:76317date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2015-004403date:2015-10-27T00:00:00
db:CNNVDid:CNNVD-201508-115date:2015-08-13T00:00:00
db:CNNVDid:CNNVD-201508-504date:2022-12-14T00:00:00
db:NVDid:CVE-2015-6563date:2024-11-21T02:35:13.290

SOURCES RELEASE DATE

db:VULHUBid:VHN-84524date:2015-08-24T00:00:00
db:VULMONid:CVE-2015-6563date:2015-08-24T00:00:00
db:BIDid:76317date:2015-08-12T00:00:00
db:JVNDBid:JVNDB-2015-004403date:2015-08-26T00:00:00
db:PACKETSTORMid:134055date:2015-10-21T19:32:22
db:PACKETSTORMid:136959date:2016-05-11T13:59:48
db:PACKETSTORMid:134475date:2015-11-20T00:47:23
db:PACKETSTORMid:135009date:2015-12-21T23:23:00
db:CNNVDid:CNNVD-201508-115date:2015-08-13T00:00:00
db:CNNVDid:CNNVD-201508-504date:2015-08-25T00:00:00
db:NVDid:CVE-2015-6563date:2015-08-24T01:59:00.127