ID

VAR-201508-0620


CVE

CVE-2015-5600


TITLE

Openssh of sshd of auth2-chall.c Inside kbdint_next_device Vulnerability to execute brute force attacks in functions

Trust: 0.8

sources: JVNDB: JVNDB-2015-003969

DESCRIPTION

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. Openssh of sshd of auth2-chall.c Inside kbdint_next_device The function is a keyboard interaction within a single connection (keyboard-interactive) The brute force is not adequately restricted for device processing. (brute-force) Attacks or service disruption (CPU Resource consumption ) There are vulnerabilities that are put into a state.By a third party ssh of -oKbdInteractiveDevices Brute force through an overly long and redundant list of options (brute-force) Attacks or service disruption (CPU Resource consumption ) There is a possibility of being put into a state. OpenSSH is prone to a security-bypass weakness. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05157667 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05157667 Version: 1 HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-06-01 Last Updated: 2016-06-01 Potential Security Impact: Remote Cross-Site Request Forgery (CSRF), Denial of Service (DoS), Disclosure of Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include: The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF). References: CVE-2016-0800 CVE-2016-0799 CVE-2016-2842 CVE-2015-1789 CVE-2015-1791 CVE-2015-3194 CVE-2015-0705 CVE-2015-5600 CVE-2014-3566 CVE-2008-5161 SSRT102281 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following firmware versions of Virtual Connect (VC) are impacted: HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21 Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842. The following products run the impacted versions of Virtual Connect (VC) firmware: HPE VC Flex-10 10Gb Enet Module HPE Virtual Connect Flex-10/10D Module for c-Class BladeSystem HPE Virtual Connect FlexFabric 10Gb/24-port Module for c-Class BladeSystem HPE Virtual Connect FlexFabric-20/40 F8 Module for c-Class BladeSystem BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2016-0800 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2015-0705 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5600 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE has provided an updated version of the BladeSystem c-Class Virtual Connect (VC) firmware to address these vulnerabilities. HPE BladeSystem c-Class Virtual Connect (VC) Firmware v4.50 The update can be downloaded from: http://h20564.www2.hpe.com/hpsc/swd/public /detail?swItemId=MTX_1f352fb404f5410d9b2ca1b56d HISTORY Version:1 (rev.1) - 1 June 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 6) - i386, x86_64 3. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. Bugs fixed (https://bugzilla.redhat.com/): 1245969 - CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices 1316829 - CVE-2016-3115 openssh: missing sanitisation of input for X11 forwarding 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2015:2088-06 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2088.html Issue date: 2015-11-19 CVE Names: CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 ===================================================================== 1. Summary: Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. (CVE-2015-6564) It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. (CVE-2015-5600) It was found that the OpenSSH ssh-agent, a program to hold private keys used for public key authentication, was vulnerable to password guessing attacks. An attacker able to connect to the agent could use this flaw to conduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238) This update fixes the following bugs: * Previously, the sshd_config(5) man page was misleading and could thus confuse the user. This update improves the man page text to clearly describe the AllowGroups feature. (BZ#1150007) * The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low. Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug. (BZ#1160377) * When the ForceCommand option with a pseudoterminal was used and the MaxSession option was set to "2", multiplexed SSH connections did not work as expected. After the user attempted to open a second multiplexed connection, the attempt failed if the first connection was still open. This update modifies OpenSSH to issue only one audit message per session, and the user is thus able to open two multiplexed connections in this situation. (BZ#1199112) * The ssh-copy-id utility failed if the account on the remote server did not use an sh-like shell. Remote commands have been modified to run in an sh-like shell, and ssh-copy-id now works also with non-sh-like shells. (BZ#1201758) * Due to a race condition between auditing messages and answers when using ControlMaster multiplexing, one session in the shared connection randomly and unexpectedly exited the connection. This update fixes the race condition in the auditing code, and multiplexing connections now work as expected even with a number of sessions created at once. (BZ#1240613) In addition, this update adds the following enhancements: * As not all Lightweight Directory Access Protocol (LDAP) servers possess a default schema, as expected by the ssh-ldap-helper program, this update provides the user with an ability to adjust the LDAP query to get public keys from servers with a different schema, while the default functionality stays untouched. (BZ#1201753) * With this enhancement update, the administrator is able to set permissions for files uploaded using Secure File Transfer Protocol (SFTP). (BZ#1197989) * This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted by OpenLDAP. (BZ#1184938) * With this update, the user can selectively disable the Generic Security Services API (GSSAPI) key exchange algorithms as any normal key exchange. (BZ#1253062) Users of openssh are advised to upgrade to these updated packages, which correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1125110 - pam_namespace usage is not consistent across system-wide PAM configuration 1160377 - sftp is failing using wildcards and many files 1178116 - Default selinux policy prevents ssh-ldap-helper from connecting to LDAP server 1181591 - No Documentation= line in the sshd.service file 1184938 - Provide LDIF version of LPK schema 1187597 - sshd -T does not show all (default) options, inconsistency 1197666 - ssh client using HostbasedAuthentication aborts in FIPS mode 1197989 - RFE: option to let openssh/sftp force the exact permissions on newly uploaded files 1238238 - openssh: weakness of agent locking (ssh-add -x) to password guessing 1245969 - CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices 1252844 - CVE-2015-6563 openssh: Privilege separation weakness related to PAM support 1252852 - CVE-2015-6564 openssh: Use-after-free bug related to PAM support 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm aarch64: openssh-6.6.1p1-22.el7.aarch64.rpm openssh-clients-6.6.1p1-22.el7.aarch64.rpm openssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm openssh-keycat-6.6.1p1-22.el7.aarch64.rpm openssh-server-6.6.1p1-22.el7.aarch64.rpm ppc64: openssh-6.6.1p1-22.el7.ppc64.rpm openssh-askpass-6.6.1p1-22.el7.ppc64.rpm openssh-clients-6.6.1p1-22.el7.ppc64.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm openssh-keycat-6.6.1p1-22.el7.ppc64.rpm openssh-server-6.6.1p1-22.el7.ppc64.rpm ppc64le: openssh-6.6.1p1-22.el7.ppc64le.rpm openssh-askpass-6.6.1p1-22.el7.ppc64le.rpm openssh-clients-6.6.1p1-22.el7.ppc64le.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm openssh-keycat-6.6.1p1-22.el7.ppc64le.rpm openssh-server-6.6.1p1-22.el7.ppc64le.rpm s390x: openssh-6.6.1p1-22.el7.s390x.rpm openssh-askpass-6.6.1p1-22.el7.s390x.rpm openssh-clients-6.6.1p1-22.el7.s390x.rpm openssh-debuginfo-6.6.1p1-22.el7.s390x.rpm openssh-keycat-6.6.1p1-22.el7.s390x.rpm openssh-server-6.6.1p1-22.el7.s390x.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: openssh-askpass-6.6.1p1-22.el7.aarch64.rpm openssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm openssh-ldap-6.6.1p1-22.el7.aarch64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.aarch64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.aarch64.rpm ppc64: openssh-debuginfo-6.6.1p1-22.el7.ppc.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm openssh-ldap-6.6.1p1-22.el7.ppc64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.ppc64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc64.rpm ppc64le: openssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm openssh-ldap-6.6.1p1-22.el7.ppc64le.rpm openssh-server-sysvinit-6.6.1p1-22.el7.ppc64le.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc64le.rpm s390x: openssh-debuginfo-6.6.1p1-22.el7.s390.rpm openssh-debuginfo-6.6.1p1-22.el7.s390x.rpm openssh-ldap-6.6.1p1-22.el7.s390x.rpm openssh-server-sysvinit-6.6.1p1-22.el7.s390x.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.s390.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.s390x.rpm x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssh-6.6.1p1-22.el7.src.rpm x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5600 https://access.redhat.com/security/cve/CVE-2015-6563 https://access.redhat.com/security/cve/CVE-2015-6564 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWTj/BXlSAg2UNWIIRAgIEAJ4+Nlu4NsYtiDloNVrVn2F/vT/9kACdEHqE h3XwDOy3+OSs/h1DEpVBtV0= =x/s+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2710-2 August 18, 2015 openssh regression ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: USN-2710-1 introduced a regression in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. (CVE number pending) Jann Horn discovered that OpenSSH incorrectly handled time windows for X connections. (CVE-2015-5600) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: openssh-server 1:6.7p1-5ubuntu1.3 Ubuntu 14.04 LTS: openssh-server 1:6.6p1-2ubuntu2.3 Ubuntu 12.04 LTS: openssh-server 1:5.9p1-5ubuntu1.7 In general, a standard system update will make all the necessary changes. VCX prior to 9.8.18 with OpenSSH or ISC BIND. + VCX 9.8.18 for the following Products/SKUs: - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr - JC517A HP VCX V7205 Platform w/DL 360 G6 Server - JE355A HP VCX V6000 Branch Platform 9.0 - JC516A HP VCX V7005 Platform w/DL 120 G6 Server - JC518A HP VCX Connect 200 Primry 120 G6 Server - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr - JE341A HP VCX Connect 100 Secondary - JE252A HP VCX Connect Primary MIM Module - JE253A HP VCX Connect Secondary MIM Module - JE254A HP VCX Branch MIM Module - JE355A HP VCX V6000 Branch Platform 9.0 - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod - JD023A HP MSR30-40 Router with VCX MIM Module - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS - JE340A HP VCX Connect 100 Pri Server 9.0 - JE342A HP VCX Connect 100 Sec Server 9.0 HISTORY Version:1 (rev.1) - 28 January 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201512-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSH: Multiple vulnerabilities Date: December 20, 2015 Bugs: #553724, #555518, #557340 ID: 201512-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/openssh < 7.1_p1-r2 >= 7.1_p1-r2 Description =========== Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact ====== Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSH users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.9_p1-r2" References ========== [ 1 ] CVE-2015-5352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5352 [ 2 ] CVE-2015-5600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5600 [ 3 ] CVE-2015-6563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6563 [ 4 ] CVE-2015-6564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6564 [ 5 ] CVE-2015-6565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6565 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201512-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2015-5600 // JVNDB: JVNDB-2015-003969 // BID: 75990 // VULMON: CVE-2015-5600 // PACKETSTORM: 137294 // PACKETSTORM: 136331 // PACKETSTORM: 133087 // PACKETSTORM: 134475 // PACKETSTORM: 133130 // PACKETSTORM: 135505 // PACKETSTORM: 135009

AFFECTED PRODUCTS

vendor:openbsdmodel:opensshscope:lteversion:6.9

Trust: 1.8

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2

Trust: 1.1

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.1

Trust: 1.1

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.0

Trust: 1.1

vendor:applemodel:mac os xscope:eqversion:10.10 to 10.10.4

Trust: 0.8

vendor:hitachimodel:big-ipscope:eqversion:1500

Trust: 0.8

vendor:openbsdmodel:opensshscope:eqversion:6.9

Trust: 0.6

vendor:ubuntumodel:linuxscope:eqversion:15.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.4

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.3

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.2

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:opensshmodel:6.9p1scope: - version: -

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.13

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.28

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.2.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.4.0

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.9.

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.9

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.6

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.4

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2.10

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.3.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.2.0.9

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.1.5.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.1.5.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.0.0

Trust: 0.3

vendor:junipermodel:nsmexpressscope:eqversion: -

Trust: 0.3

vendor:junipermodel:nsm4000scope:eqversion:0

Trust: 0.3

vendor:junipermodel:nsm3000scope:eqversion: -

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.2.0

Trust: 0.3

vendor:ibmmodel:qlogic virtual fabric extension module for ibm bladecenterscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:qlogic 8gb intelligent pass-thru module and san switch modulescope:eqversion:7.10

Trust: 0.3

vendor:ibmmodel:proventia network enterprise scannerscope:eqversion:2.3

Trust: 0.3

vendor:ibmmodel:flex system fc43171 8gb san switch and san pass-thruscope:eqversion:9.1

Trust: 0.3

vendor:ibmmodel:bladecenter advanced management module 3.66nscope: - version: -

Trust: 0.3

vendor:hpmodel:vcxscope:eqversion:9.8.17

Trust: 0.3

vendor:hpmodel:bladesystem c-class virtual connectscope:eqversion:4.45

Trust: 0.3

vendor:hpmodel:bladesystem c-class virtual connectscope:eqversion:4.30

Trust: 0.3

vendor:hpmodel:bladesystem c-class virtual connectscope:eqversion:4.21

Trust: 0.3

vendor:hpmodel:bladesystem c-class virtual connectscope:eqversion:3.62

Trust: 0.3

vendor:hpmodel:3par osscope:eqversion:3.1.3

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p9scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p6scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p5scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p3scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p13scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p10scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-release-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p9scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p8scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p7scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p4scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p27scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p24scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p23scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p20scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p19scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p17scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p16scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p15scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p14scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p13scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p12scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p11scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:10.2

Trust: 0.3

vendor:freebsdmodel:10.1-release-p9scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p6scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p5scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.1-release-p1scope: - version: -

Trust: 0.3

vendor:f5model:big-ip gv0lb151-20nnnn1scope:eqversion:150010.0.1

Trust: 0.3

vendor:f5model:big-ip gv0lb151-20nnnn1scope:eqversion:15009.3.1

Trust: 0.3

vendor:f5model:big-ip gv0lb151-20nnnn1scope:eqversion:15009.1.3

Trust: 0.3

vendor:f5model:big-ip gv0lb151-10nnnn1scope:eqversion:150010.0.1

Trust: 0.3

vendor:f5model:big-ip gv0lb151-10nnnn1scope:eqversion:15009.3.1

Trust: 0.3

vendor:f5model:big-ip gv0lb151-10nnnn1scope:eqversion:15009.1.3

Trust: 0.3

vendor:f5model:big-ip gv0lb150-20nnnn0scope:eqversion:150010.0.1

Trust: 0.3

vendor:f5model:big-ip gv0lb150-20nnnn0scope:eqversion:15009.3.1

Trust: 0.3

vendor:f5model:big-ip gv0lb150-20nnnn0scope:eqversion:15009.1.3

Trust: 0.3

vendor:f5model:big-ip gv0lb150-10nnnn0scope:eqversion:150010.0.1

Trust: 0.3

vendor:f5model:big-ip gv0lb150-10nnnn0scope:eqversion:15009.3.1

Trust: 0.3

vendor:f5model:big-ip gv0lb150-10nnnn0scope:eqversion:15009.1.3

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:7

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10

Trust: 0.3

vendor:ibmmodel:qlogic virtual fabric extension module for ibm bladecenterscope:neversion:9.0.3.14.0

Trust: 0.3

vendor:ibmmodel:qlogic 8gb intelligent pass-thru module and san switch modulescope:neversion:7.10.1.37.00

Trust: 0.3

vendor:ibmmodel:flex system fc43171 8gb san switch and san pass-thruscope:neversion:9.1.7.01.00

Trust: 0.3

vendor:ibmmodel:bladecenter advanced management module 3.66pscope:neversion: -

Trust: 0.3

vendor:hpmodel:vcxscope:neversion:9.8.18

Trust: 0.3

vendor:hpmodel:bladesystem c-class virtual connectscope:neversion:4.50

Trust: 0.3

vendor:hpmodel:3par os mu2scope:neversion:3.2.2

Trust: 0.3

vendor:hpmodel:3par os mu5scope:neversion:3.2.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.5

Trust: 0.3

sources: BID: 75990 // JVNDB: JVNDB-2015-003969 // CNNVD: CNNVD-201508-001 // NVD: CVE-2015-5600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5600
value: HIGH

Trust: 1.0

NVD: CVE-2015-5600
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201508-001
value: MEDIUM

Trust: 0.6

VULMON: CVE-2015-5600
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-5600
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2015-5600 // JVNDB: JVNDB-2015-003969 // CNNVD: CNNVD-201508-001 // NVD: CVE-2015-5600

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2015-003969 // NVD: CVE-2015-5600

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 136331 // PACKETSTORM: 133087 // CNNVD: CNNVD-201508-001

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201508-001

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003969

PATCH

title:APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006url:http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Trust: 0.8

title:HT205031url:https://support.apple.com/en-us/HT205031

Trust: 0.8

title:HT205031url:https://support.apple.com/ja-jp/HT205031

Trust: 0.8

title:CVS log for src/usr.bin/ssh/auth2-chall.curl:http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c

Trust: 0.8

title:Diff for /src/usr.bin/ssh/auth2-chall.c between version 1.42 and 1.43url:http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2016url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2016 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html

Trust: 0.8

title:Oracle Solaris Third Party Bulletin - October 2015url:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Trust: 0.8

title:July 2016 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/july_2016_critical_patch_update

Trust: 0.8

title:OpenSSHの脆弱性(CVE-2015-5600)によるBIG-IP1500への影響についてurl:http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/openssh_cve20155600_big.html

Trust: 0.8

title:auth2-challurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=57086

Trust: 0.6

title:Red Hat: Moderate: openssh security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152088 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: openssh: CVE-2015-5352: XSECURITY restrictions bypass under certain conditions in sshurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=cb1cb0a27af47a61a0356f0de0943be8

Trust: 0.1

title:Debian CVElist Bug Report Logs: openssh: CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevicesurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=6ddb8aa51aaa09b7fbd5a473e33cd0f9

Trust: 0.1

title:Ubuntu Security Notice: openssh vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2710-1

Trust: 0.1

title:Ubuntu Security Notice: openssh regressionurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2710-2

Trust: 0.1

title:Red Hat: CVE-2015-5600url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-5600

Trust: 0.1

title:Debian CVElist Bug Report Logs: openssh: CVE-2015-6563 CVE-2015-6564url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=73eb91ff53511af2767cd29878bd74dc

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-625url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-625

Trust: 0.1

title:Symantec Security Advisories: SA104 : OpenSSH Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=b643e473a764678a8d1ded300d5699b6

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=83bbd91f8369c8f064e6d68dac68400f

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=92308e3c4d305e91c2eba8c9c6835e83

Trust: 0.1

title:Final_Project_CyberBootcampurl:https://github.com/pboonman196/Final_Project_CyberBootcamp

Trust: 0.1

title:IDS-Evasionurl:https://github.com/ahm3dhany/IDS-Evasion

Trust: 0.1

title:clair-laburl:https://github.com/sjourdan/clair-lab

Trust: 0.1

title:DC-2-Vulnhub-Walkthroughurl:https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough

Trust: 0.1

title:DC-1-Vulnhub-Walkthroughurl:https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough

Trust: 0.1

sources: VULMON: CVE-2015-5600 // JVNDB: JVNDB-2015-003969 // CNNVD: CNNVD-201508-001

EXTERNAL IDS

db:NVDid:CVE-2015-5600

Trust: 3.5

db:OPENWALLid:OSS-SECURITY/2015/07/23/4

Trust: 2.5

db:BIDid:75990

Trust: 2.0

db:MCAFEEid:SB10157

Trust: 1.7

db:MCAFEEid:SB10136

Trust: 1.7

db:BIDid:92012

Trust: 1.7

db:BIDid:91787

Trust: 1.7

db:SIEMENSid:SSA-412672

Trust: 1.7

db:SECTRACKid:1032988

Trust: 1.7

db:JUNIPERid:JSA10697

Trust: 1.7

db:JVNDBid:JVNDB-2015-003969

Trust: 0.8

db:CNNVDid:CNNVD-201508-001

Trust: 0.6

db:JUNIPERid:JSA10774

Trust: 0.3

db:MCAFEEid:SB10164

Trust: 0.3

db:ICS CERTid:ICSA-22-349-21

Trust: 0.1

db:VULMONid:CVE-2015-5600

Trust: 0.1

db:PACKETSTORMid:137294

Trust: 0.1

db:PACKETSTORMid:136331

Trust: 0.1

db:PACKETSTORMid:133087

Trust: 0.1

db:PACKETSTORMid:134475

Trust: 0.1

db:PACKETSTORMid:133130

Trust: 0.1

db:PACKETSTORMid:135505

Trust: 0.1

db:PACKETSTORMid:135009

Trust: 0.1

sources: VULMON: CVE-2015-5600 // BID: 75990 // JVNDB: JVNDB-2015-003969 // PACKETSTORM: 137294 // PACKETSTORM: 136331 // PACKETSTORM: 133087 // PACKETSTORM: 134475 // PACKETSTORM: 133130 // PACKETSTORM: 135505 // PACKETSTORM: 135009 // CNNVD: CNNVD-201508-001 // NVD: CVE-2015-5600

REFERENCES

url:http://openwall.com/lists/oss-security/2015/07/23/4

Trust: 2.5

url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 2.0

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 2.0

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Trust: 2.0

url:http://www.ubuntu.com/usn/usn-2710-1

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2016-0466.html

Trust: 1.8

url:https://security.gentoo.org/glsa/201512-04

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2710-2

Trust: 1.8

url:http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h

Trust: 1.7

url:http://seclists.org/fulldisclosure/2015/jul/92

Trust: 1.7

url:http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-july/162955.html

Trust: 1.7

url:https://support.apple.com/kb/ht205031

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128992

Trust: 1.7

url:http://www.securityfocus.com/bid/91787

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Trust: 1.7

url:http://www.securityfocus.com/bid/75990

Trust: 1.7

url:http://www.securityfocus.com/bid/92012

Trust: 1.7

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10157

Trust: 1.7

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04952480

Trust: 1.7

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10697

Trust: 1.7

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10136

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-august/165170.html

Trust: 1.7

url:http://www.securitytracker.com/id/1032988

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20151106-0001/

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html

Trust: 1.7

url:https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5600

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5600

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-5600

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2015-5600

Trust: 0.3

url:http://seclists.org/oss-sec/2015/q3/156

Trust: 0.3

url:http://seclists.org/bugtraq/2015/jul/134

Trust: 0.3

url:http://seclists.org/bugtraq/2015/jul/141

Trust: 0.3

url:http://www.openssh.com

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10774&actp=rss

Trust: 0.3

url:http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04952480

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157667

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05128992

Trust: 0.3

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10164

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099240

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098977

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21969670

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21980969

Trust: 0.3

url:http://www.hitachi.co.jp/products/it/server/security/global/info/vulnerable/openssh_cve20155600_big.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-5352

Trust: 0.3

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n

Trust: 0.2

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.2

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6563

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6564

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2015:2088

Trust: 0.1

url:https://github.com/pboonman196/final_project_cyberbootcamp

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2710-1/

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40178

Trust: 0.1

url:http://h20564.www2.hpe.com/hpsc/swd/public

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3194

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-5161

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0800

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1791

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-3115

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3115

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssh/1:6.7p1-5ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.2

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2015-2088.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6563

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6564

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssh/1:6.7p1-5ubuntu1.3

Trust: 0.1

url:https://launchpad.net/bugs/1485719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5477

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5722

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5352

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6565

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6565

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5600

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6563

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6564

Trust: 0.1

sources: VULMON: CVE-2015-5600 // BID: 75990 // JVNDB: JVNDB-2015-003969 // PACKETSTORM: 137294 // PACKETSTORM: 136331 // PACKETSTORM: 133087 // PACKETSTORM: 134475 // PACKETSTORM: 133130 // PACKETSTORM: 135505 // PACKETSTORM: 135009 // CNNVD: CNNVD-201508-001 // NVD: CVE-2015-5600

CREDITS

king cope

Trust: 0.3

sources: BID: 75990

SOURCES

db:VULMONid:CVE-2015-5600
db:BIDid:75990
db:JVNDBid:JVNDB-2015-003969
db:PACKETSTORMid:137294
db:PACKETSTORMid:136331
db:PACKETSTORMid:133087
db:PACKETSTORMid:134475
db:PACKETSTORMid:133130
db:PACKETSTORMid:135505
db:PACKETSTORMid:135009
db:CNNVDid:CNNVD-201508-001
db:NVDid:CVE-2015-5600

LAST UPDATE DATE

2024-11-18T20:03:57.077000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2015-5600date:2022-12-13T00:00:00
db:BIDid:75990date:2017-01-23T00:06:00
db:JVNDBid:JVNDB-2015-003969date:2016-07-27T00:00:00
db:CNNVDid:CNNVD-201508-001date:2022-12-14T00:00:00
db:NVDid:CVE-2015-5600date:2022-12-13T12:15:17.307

SOURCES RELEASE DATE

db:VULMONid:CVE-2015-5600date:2015-08-03T00:00:00
db:BIDid:75990date:2015-07-22T00:00:00
db:JVNDBid:JVNDB-2015-003969date:2015-08-04T00:00:00
db:PACKETSTORMid:137294date:2016-06-02T16:22:00
db:PACKETSTORMid:136331date:2016-03-22T00:06:00
db:PACKETSTORMid:133087date:2015-08-14T20:53:10
db:PACKETSTORMid:134475date:2015-11-20T00:47:23
db:PACKETSTORMid:133130date:2015-08-18T22:29:09
db:PACKETSTORMid:135505date:2016-01-29T20:34:00
db:PACKETSTORMid:135009date:2015-12-21T23:23:00
db:CNNVDid:CNNVD-201508-001date:2015-08-03T00:00:00
db:NVDid:CVE-2015-5600date:2015-08-03T01:59:03.950