Details of VAR-201808-0455

ID

VAR-201808-0455

CVE

CVE-2018-15473

TITLE

OpenSSH Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-009191

DESCRIPTION

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH Contains an information disclosure vulnerability.Information may be obtained. OpenSSH is prone to a user-enumeration vulnerability. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. OpenSSH through 7.7 are vulnerable; other versions may also be affected. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. This vulnerability stems from configuration errors in network systems or products during operation. Impact ====== A remote attacker could conduct user enumeration. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSH users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.7_p1-r8" References ========== [ 1 ] CVE-2018-15473 https://nvd.nist.gov/vuln/detail/CVE-2018-15473 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201810-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 6) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2019:2143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2143 Issue date: 2019-08-06 CVE Names: CVE-2018-15473 ==================================================================== 1. Summary: An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1583735 - Permission denied reading authorized_keys when setting AuthorizedKeysCommand 1619063 - CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests 1712053 - tmux session not attached automatically during manual installation on s390x 1722446 - openssh FIPS cipher list has an extra comma in it 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssh-7.4p1-21.el7.src.rpm x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssh-7.4p1-21.el7.src.rpm x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssh-7.4p1-21.el7.src.rpm ppc64: openssh-7.4p1-21.el7.ppc64.rpm openssh-askpass-7.4p1-21.el7.ppc64.rpm openssh-clients-7.4p1-21.el7.ppc64.rpm openssh-debuginfo-7.4p1-21.el7.ppc64.rpm openssh-keycat-7.4p1-21.el7.ppc64.rpm openssh-server-7.4p1-21.el7.ppc64.rpm ppc64le: openssh-7.4p1-21.el7.ppc64le.rpm openssh-askpass-7.4p1-21.el7.ppc64le.rpm openssh-clients-7.4p1-21.el7.ppc64le.rpm openssh-debuginfo-7.4p1-21.el7.ppc64le.rpm openssh-keycat-7.4p1-21.el7.ppc64le.rpm openssh-server-7.4p1-21.el7.ppc64le.rpm s390x: openssh-7.4p1-21.el7.s390x.rpm openssh-askpass-7.4p1-21.el7.s390x.rpm openssh-clients-7.4p1-21.el7.s390x.rpm openssh-debuginfo-7.4p1-21.el7.s390x.rpm openssh-keycat-7.4p1-21.el7.s390x.rpm openssh-server-7.4p1-21.el7.s390x.rpm x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssh-cavs-7.4p1-21.el7.ppc64.rpm openssh-debuginfo-7.4p1-21.el7.ppc.rpm openssh-debuginfo-7.4p1-21.el7.ppc64.rpm openssh-ldap-7.4p1-21.el7.ppc64.rpm openssh-server-sysvinit-7.4p1-21.el7.ppc64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.ppc.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.ppc64.rpm ppc64le: openssh-cavs-7.4p1-21.el7.ppc64le.rpm openssh-debuginfo-7.4p1-21.el7.ppc64le.rpm openssh-ldap-7.4p1-21.el7.ppc64le.rpm openssh-server-sysvinit-7.4p1-21.el7.ppc64le.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.ppc64le.rpm s390x: openssh-cavs-7.4p1-21.el7.s390x.rpm openssh-debuginfo-7.4p1-21.el7.s390.rpm openssh-debuginfo-7.4p1-21.el7.s390x.rpm openssh-ldap-7.4p1-21.el7.s390x.rpm openssh-server-sysvinit-7.4p1-21.el7.s390x.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.s390.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.s390x.rpm x86_64: openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssh-7.4p1-21.el7.src.rpm x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-15473 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXUl2+9zjgjWX9erEAQghMQ//ao8h2SV6O/qKXHnO+WB1PYTD3rzASW8f pE++fRS0YTGtkoCmwEsYDRqg7Xw+3LIX/j8gYztFtMDoU7alLTkywBvszsBvRSCF Xi2yutUkhcygCldcwrHwNgVGa2kMni6Fm/O2ZCLkHdOHZLwMOZjBe0T4Ompc2ok5 TshNRwUWjCfzY3pwG1c9lffrfq2/DgIzi+o9MCjNCaRgFKDo9Ufgw93CSmPm/61u WVr7pV/+yXRlswG0ZnK3gOK19lYQIQfS9sQJzFelcF1pOCseZUqiKOTVMcBP0XaB uIODY4Ra/BRX9pLXN9JkBTBE8iSPO+VGKoF/m9urqpg7Z+kaH2KwdyrJeHIzY/mA e1Cidd4RsK9HwwBoRdIlw6MjstoymmF2OaYcO0Yb36abUWEF0CFIZQeAZR89ZvGG zKnc+YybH/ELu1VEF7CfBQFyP6DFt8fgFvBI5yCCjzxy0XYVrave6zLO+6a7Hg94 5UDWDIIT7h55CYlfCiZ4pBClRJSO4/XKs3lcUsvirnyagyO5it1yZpkCiavFfcah PewUzfp6mz5BXUUhJHDdFe/LgAWE7DCiMy1A78iKy0kY4Yu/tgfgMJ/KXYnyIj62 mY7o0lHcjBNHqUVDscNOtbV3EG7jsgHI1XtTIOlBeijkmPaDZnnMbM5ZXhhDzGPV fl5KApr4ST8=wPC+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . For the stable distribution (stretch), this problem has been fixed in version 1:7.4p1-10+deb9u4. We recommend that you upgrade your openssh packages. For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlt9ATUACgkQEL6Jg/PV nWSHYggArjTv1/72Mxj8D8qXRiixHTY3QIRki03VOLQtk7tje8BmymeRerwmECGh fjBuF4sueVrBED7vWpf9+HU9Z8VYLDKQp56xMLlqnt1Ge5HaPVHLToY4gn/lOl+J pFGwn4BKYMlo+v/rnWg1Ay0n8DZnmg8GnBqgpeFI56AUy4rw9eaRAByI80Btd69u vInT9A/sOYmywD4fH6cl7JDDZHF1AxgkW9Jar/tTVQtR/PqT7Cb2RJmxOB75/BrG /8etuiWfh6sY4cBZco+AkXL2Yb97bJQdwDZQwqMLJtA2rdjSGA3zQdnzM8htrSYH p0SeM24q209KRsvXG9KM3vKWW4vohw== =qxOC -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3809-2 August 12, 2021 openssh regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: USN-3809-1 introduced a regression in OpenSSH. Software Description: - openssh: secure shell (SSH) for secure access to remote machines Details: USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: openssh-server 1:7.6p1-4ubuntu0.5 In general, a standard system update will make all the necessary changes

Trust: 2.61

sources: NVD: CVE-2018-15473 // JVNDB: JVNDB-2018-009191 // BID: 105140 // VULHUB: VHN-125736 // VULMON: CVE-2018-15473 // PACKETSTORM: 149694 // PACKETSTORM: 152444 // PACKETSTORM: 150190 // PACKETSTORM: 153906 // PACKETSTORM: 149037 // PACKETSTORM: 163809

AFFECTED PRODUCTS

vendor:	openbsd	model:	openssh	scope:	lte	version:	7.7	Trust: 1.8
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	netapp	model:	data ontap edge	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	virtual storage console	scope:	gte	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	netapp	model:	vasa provider	scope:	gte	version:	7.2	Trust: 1.0
vendor:	siemens	model:	scalance x204rna	scope:	lt	version:	3.2.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	oncommand unified manager	scope:	gte	version:	9.4	Trust: 1.0
vendor:	netapp	model:	aff baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	ontap select deploy	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	fas baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	oracle	model:	sun zfs storage appliance kit	scope:	eq	version:	8.8.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	netapp	model:	cn1610	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	netapp	model:	service processor	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	netapp	model:	storage replication adapter	scope:	gte	version:	7.2	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	openbsd	model:	openssh	scope:	eq	version:	4.2	Trust: 0.9
vendor:	openbsd	model:	openssh	scope:	eq	version:	4.4	Trust: 0.9
vendor:	openbsd	model:	openssh	scope:	eq	version:	5.1	Trust: 0.9
vendor:	openbsd	model:	openssh	scope:	eq	version:	5.4	Trust: 0.9
vendor:	openbsd	model:	openssh	scope:	eq	version:	5.2	Trust: 0.9
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	openbsd	model:	openssh	scope:	eq	version:	5.3	Trust: 0.6
vendor:	openbsd	model:	openssh	scope:	eq	version:	4.2p1	Trust: 0.6
vendor:	openbsd	model:	openssh	scope:	eq	version:	1.5.8	Trust: 0.6
vendor:	openbsd	model:	openssh	scope:	eq	version:	4.0	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.4	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1.1.16	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	4.1	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	2.1.x	Trust: 0.3
vendor:	openbsd	model:	openssh p1	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	4.6	Trust: 0.3
vendor:	openbsd	model:	openssh 5.8p2	scope:	-	version:	-	Trust: 0.3
vendor:	openbsd	model:	openssh p1	scope:	eq	version:	3.9	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	2.1	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	6.6	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.13	Trust: 0.3
vendor:	mcafee	model:	data exchange layer	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	6.4	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1.4.1	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	3.0	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	4.9	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.7.16	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	4.3	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.8	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	5.7	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.2	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.16	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	3.3	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	2.2.x	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	2.9	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.8	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	5.0	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	5.8	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.10	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1.2.6	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3.12	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1.3.5	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	6.0	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	2.5.2	Trust: 0.3
vendor:	openbsd	model:	openssh 4.3p1	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3.7	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.7	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1.1.5	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.3	Trust: 0.3
vendor:	openbsd	model:	openssh p1	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	5.5	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.75	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	mcafee	model:	data exchange layer hotfix	scope:	ne	version:	4.1.21	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3.126	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	6.3	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.9.5	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3.12.9	Trust: 0.3
vendor:	openbsd	model:	openssh p1	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.8.15	Trust: 0.3
vendor:	openbsd	model:	openssh p2	scope:	eq	version:	2.5.2	Trust: 0.3
vendor:	openbsd	model:	openssh p1	scope:	eq	version:	3.8.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.8.5	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	7.7	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	openbsd	model:	openssh p1	scope:	eq	version:	3.0	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	5.9	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.4	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3.11	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	2.2.0	Trust: 0.3
vendor:	openbsd	model:	openssh 4.7p1	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.68	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.0	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.12	Trust: 0.3
vendor:	openbsd	model:	openssh p1	scope:	eq	version:	2.9	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.5	Trust: 0.3
vendor:	openbsd	model:	openssh p2	scope:	eq	version:	2.9	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	5.6	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.1	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 0.3
vendor:	mcafee	model:	data exchange layer	scope:	eq	version:	4.0	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	3.4	Trust: 0.3
vendor:	openbsd	model:	openssh 4.2p1	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3.8	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	4.8	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.2	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3.10	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.9.6	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.6	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.14	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	1.2	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	4.7	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1.2.15	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.0	Trust: 0.3
vendor:	openbsd	model:	openssh	scope:	eq	version:	6.5	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.0	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.8.7	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.3	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.8.6	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2	Trust: 0.3
vendor:	openbsd	model:	openssh p1	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.11	Trust: 0.3
vendor:	ibm	model:	aix l	scope:	eq	version:	5.3	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1.9	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.9	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3.9	Trust: 0.3
vendor:	mcafee	model:	data exchange layer	scope:	eq	version:	4.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.2.0.1	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.4.0	Trust: 0.3

sources: BID: 105140 // JVNDB: JVNDB-2018-009191 // CNNVD: CNNVD-201808-536 // NVD: CVE-2018-15473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15473
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15473
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201808-536
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125736
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-15473
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15473
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-125736
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15473
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-15473
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-125736 // VULMON: CVE-2018-15473 // JVNDB: JVNDB-2018-009191 // CNNVD: CNNVD-201808-536 // NVD: CVE-2018-15473

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.1
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-125736 // JVNDB: JVNDB-2018-009191 // NVD: CVE-2018-15473

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 149694 // PACKETSTORM: 149037 // CNNVD: CNNVD-201808-536

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201808-536

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009191

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-125736 // VULMON: CVE-2018-15473

PATCH

title:	[SECURITY] [DLA-1474-1] openssh security update	url:	https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html	Trust: 0.8
title:	#906236	url:	https://bugs.debian.org/906236	Trust: 0.8
title:	DSA-4280	url:	https://www.debian.org/security/2018/dsa-4280	Trust: 0.8
title:	delay bailout for invalid authenticating user until after the packet	url:	https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0	Trust: 0.8
title:	OpenSSH Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=84138	Trust: 0.6
title:	Red Hat: Low: openssh security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192143 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: openssh security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190711 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=03af68f4d7fde0c3fb73e02126ff3a8e	Trust: 0.1
title:	Debian Security Advisories: DSA-4280-1 openssh -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=2a7b5fb5e55d81eb17c62731bbbfd77a	Trust: 0.1
title:	Ubuntu Security Notice: openssh vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3809-1	Trust: 0.1
title:	Debian CVElist Bug Report Logs: dropbear: CVE-2018-15599	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7c424f6ef8f9ae42d937439b82dd93b6	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2018-1075	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1075	Trust: 0.1
title:	Red Hat: CVE-2018-15473	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-15473	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in OpenSSH (CVE-2018-15473)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=253611bf347a972572fe2b907ea5475f	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2018-15473	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by an openssh vulnerability (CVE-2018-15473)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7a5223ad10e1ecdb6ac4eeefcf28a096	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2018-1075	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1075	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=10fccabd4c7b965694dd52ad1484a543	Trust: 0.1
title:	Citrix Security Bulletins: Citrix Hypervisor Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=93d4930e8ac6de6dc742ba1d0a2eb835	Trust: 0.1
title:	Symantec Security Advisories: OpenSSH Vulnerabilities Jan-Aug 2018	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=eafec7859e071aa17b0b5511d3b3eb53	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSH	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=09467db835e132cd1a0a8012efa155dc	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - April 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=0cf12ffad0c479958deb0741d0970b4e	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=800337bc69aa7ad92ac88a2adcc7d426	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=d08e40deea44ef7cc7cf69a5cbffc984	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=aea3fcafd82c179d3a5dfa015e920864	Trust: 0.1
title:	SUF	url:	https://github.com/ghostwalkr/SUF	Trust: 0.1
title:	cve-2018-15473	url:	https://github.com/epi052/cve-2018-15473	Trust: 0.1
title:	CVE-2018-15473-Exploit	url:	https://github.com/Rhynorater/CVE-2018-15473-Exploit	Trust: 0.1
title:	cve-2018-15473	url:	https://github.com/Wh1t3Fox/cve-2018-15473	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2018-15473	Trust: 0.1
title:	CVE-2018-15473_exploit	url:	https://github.com/pyperanger/CVE-2018-15473_exploit	Trust: 0.1
title:	-	url:	https://github.com/Pixiel333/Pentest-Cheat-sheet	Trust: 0.1
title:	tools-bbounty	url:	https://github.com/korbanbbt/tools-bbounty	Trust: 0.1
title:	CVE-2018-15473	url:	https://github.com/1stPeak/CVE-2018-15473	Trust: 0.1
title:	cve-2018-15473	url:	https://github.com/cved-sources/cve-2018-15473	Trust: 0.1
title:	CVE-2018-15473_OpenSSH_7.7	url:	https://github.com/WildfootW/CVE-2018-15473_OpenSSH_7.7	Trust: 0.1
title:	SUOPE	url:	https://github.com/angry-bender/SUOPE	Trust: 0.1
title:	patch_exploit_ssh	url:	https://github.com/gustavorobertux/patch_exploit_ssh	Trust: 0.1
title:	CVE-2018-15473	url:	https://github.com/Sait-Nuri/CVE-2018-15473	Trust: 0.1
title:	WebMap	url:	https://github.com/jcradarsniper/WebMap	Trust: 0.1
title:	shodan-CVE-2018-15473	url:	https://github.com/66quentin/shodan-CVE-2018-15473	Trust: 0.1
title:	CVE-2018-15473	url:	https://github.com/robiul-awal/CVE-2018-15473	Trust: 0.1
title:	-	url:	https://github.com/0xrobiul/CVE-2018-15473	Trust: 0.1
title:	CVE-2018-15473	url:	https://github.com/r3dxpl0it/CVE-2018-15473	Trust: 0.1
title:	CVE-2018-15473-exp	url:	https://github.com/LINYIKAI/CVE-2018-15473-exp	Trust: 0.1

sources: VULMON: CVE-2018-15473 // JVNDB: JVNDB-2018-009191 // CNNVD: CNNVD-201808-536

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15473	Trust: 3.5
db:	OPENWALL	id:	OSS-SECURITY/2018/08/15/5	Trust: 2.5
db:	SECTRACK	id:	1041487	Trust: 2.5
db:	BID	id:	105140	Trust: 2.0
db:	EXPLOIT-DB	id:	45939	Trust: 1.7
db:	EXPLOIT-DB	id:	45210	Trust: 1.7
db:	EXPLOIT-DB	id:	45233	Trust: 1.7
db:	SIEMENS	id:	SSA-412672	Trust: 1.7
db:	MCAFEE	id:	SB10266	Trust: 0.9
db:	PACKETSTORM	id:	152444	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-009191	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-536	Trust: 0.7
db:	PACKETSTORM	id:	163809	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1277	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3514	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0936	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1557	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1212	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3462	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0102	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0342	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2750	Trust: 0.6
db:	CS-HELP	id:	SB2021081216	Trust: 0.6
db:	NSFOCUS	id:	43154	Trust: 0.6
db:	PACKETSTORM	id:	149694	Trust: 0.2
db:	PACKETSTORM	id:	149037	Trust: 0.2
db:	PACKETSTORM	id:	153906	Trust: 0.2
db:	PACKETSTORM	id:	150621	Trust: 0.1
db:	SEEBUG	id:	SSVID-97503	Trust: 0.1
db:	VULHUB	id:	VHN-125736	Trust: 0.1
db:	VULMON	id:	CVE-2018-15473	Trust: 0.1
db:	PACKETSTORM	id:	150190	Trust: 0.1

sources: VULHUB: VHN-125736 // VULMON: CVE-2018-15473 // BID: 105140 // JVNDB: JVNDB-2018-009191 // PACKETSTORM: 149694 // PACKETSTORM: 152444 // PACKETSTORM: 150190 // PACKETSTORM: 153906 // PACKETSTORM: 149037 // PACKETSTORM: 163809 // CNNVD: CNNVD-201808-536 // NVD: CVE-2018-15473

REFERENCES

url:	http://www.securityfocus.com/bid/105140	Trust: 3.5
url:	http://www.openwall.com/lists/oss-security/2018/08/15/5	Trust: 2.5
url:	http://www.securitytracker.com/id/1041487	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:0711	Trust: 2.4
url:	https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0	Trust: 2.0
url:	https://security.gentoo.org/glsa/201810-03	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2143	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	Trust: 1.7
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0011	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20181101-0001/	Trust: 1.7
url:	https://www.debian.org/security/2018/dsa-4280	Trust: 1.7
url:	https://www.exploit-db.com/exploits/45210/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/45233/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/45939/	Trust: 1.7
url:	https://bugs.debian.org/906236	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2020.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html	Trust: 1.7
url:	https://usn.ubuntu.com/3809-1/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15473	Trust: 1.4
url:	https://access.redhat.com/security/cve/cve-2018-15473	Trust: 1.1
url:	https://github.com/rhynorater/cve-2018-15473-exploit	Trust: 0.9
url:	http://www.openssh.com	Trust: 0.9
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1619063	Trust: 0.9
url:	https://www.oracle.com/technetwork/topics/security/ovmbulletinapr2019-5461368.html	Trust: 0.9
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10266	Trust: 0.9
url:	http://aix.software.ibm.com/aix/efixes/security/openssh_advisory12.asc	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15473	Trust: 0.8
url:	https://www.ibm.com/support/pages/node/1284766	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1284760	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1284772	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1284778	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1284784	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10880795	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170328	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170340	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170334	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170322	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170352	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170346	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-addressed-in-ibm-security-privileged-identity-manager/	Trust: 0.6
url:	https://packetstormsecurity.com/files/152444/red-hat-security-advisory-2019-0711-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities-cve-2019-4674-cve-2018-15473-cve-2019-4675/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021081216	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0342/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1101975	Trust: 0.6
url:	https://packetstormsecurity.com/files/163809/ubuntu-security-notice-usn-3809-2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77578	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3462/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43154	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3514/	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10880777	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-have-been-addressed-in-ibm-security-directory-suite-cve-2018-15473/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1557/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-affects-ibm-integrated-analytics-system/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0102/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-openssh-vulnerabilty-cve-2018-15473/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/78730	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79026	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-vulnerable-to-information-disclosure-cve-2018-15473/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2750	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10870680	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10708	Trust: 0.2
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.6	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3809-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.11	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openssh	Trust: 0.1
url:	https://launchpad.net/bugs/1934501	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-3809-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.5	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-3809-1	Trust: 0.1

sources: VULHUB: VHN-125736 // BID: 105140 // JVNDB: JVNDB-2018-009191 // PACKETSTORM: 149694 // PACKETSTORM: 152444 // PACKETSTORM: 150190 // PACKETSTORM: 153906 // PACKETSTORM: 149037 // PACKETSTORM: 163809 // CNNVD: CNNVD-201808-536 // NVD: CVE-2018-15473

CREDITS

Red Hat,The vendor reported this issue.,OpenSSL

Trust: 0.6

sources: CNNVD: CNNVD-201808-536

SOURCES

db:	VULHUB	id:	VHN-125736
db:	VULMON	id:	CVE-2018-15473
db:	BID	id:	105140
db:	JVNDB	id:	JVNDB-2018-009191
db:	PACKETSTORM	id:	149694
db:	PACKETSTORM	id:	152444
db:	PACKETSTORM	id:	150190
db:	PACKETSTORM	id:	153906
db:	PACKETSTORM	id:	149037
db:	PACKETSTORM	id:	163809
db:	CNNVD	id:	CNNVD-201808-536
db:	NVD	id:	CVE-2018-15473

LAST UPDATE DATE

2024-08-14T12:12:04.807000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125736	date:	2023-02-23T00:00:00
db:	VULMON	id:	CVE-2018-15473	date:	2023-02-23T00:00:00
db:	BID	id:	105140	date:	2019-04-19T07:00:00
db:	JVNDB	id:	JVNDB-2018-009191	date:	2018-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201808-536	date:	2022-12-14T00:00:00
db:	NVD	id:	CVE-2018-15473	date:	2023-02-23T23:13:42.887

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125736	date:	2018-08-17T00:00:00
db:	VULMON	id:	CVE-2018-15473	date:	2018-08-17T00:00:00
db:	BID	id:	105140	date:	2018-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-009191	date:	2018-11-09T00:00:00
db:	PACKETSTORM	id:	149694	date:	2018-10-07T19:19:00
db:	PACKETSTORM	id:	152444	date:	2019-04-09T17:52:27
db:	PACKETSTORM	id:	150190	date:	2018-11-06T21:04:06
db:	PACKETSTORM	id:	153906	date:	2019-08-06T20:56:04
db:	PACKETSTORM	id:	149037	date:	2018-08-22T18:18:00
db:	PACKETSTORM	id:	163809	date:	2021-08-12T15:49:43
db:	CNNVD	id:	CNNVD-201808-536	date:	2018-08-20T00:00:00
db:	NVD	id:	CVE-2018-15473	date:	2018-08-17T19:29:00.223