ID

VAR-201808-0455


CVE

CVE-2018-15473


TITLE

OpenSSH Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-009191

DESCRIPTION

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH contains an information disclosure vulnerability. Information may be obtained. OpenSSH is prone to a user-enumeration vulnerability. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. OpenSSH through 7.7 is vulnerable; other versions may also be affected.

OpenSSH is an open source implementation of the SSH protocol that supports encryption of all transmissions and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. This vulnerability stems from configuration errors in network systems or products during operation.

Impact
======

A remote attacker could conduct user enumeration.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSH users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.7_p1-r8"

References
==========

[ 1 ] CVE-2018-15473
      https://nvd.nist.gov/vuln/detail/CVE-2018-15473

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201810-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

6) - i386, x86_64 3.

====================================================================
Red Hat Security Advisory

Synopsis: Low: openssh security, bug fix, and enhancement update
Advisory ID: RHSA-2019:2143-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2143
Issue date: 2019-08-06
CVE Names: CVE-2018-15473
====================================================================

1. Summary:

An update for openssh is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1583735 - Permission denied reading authorized_keys when setting AuthorizedKeysCommand
1619063 - CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests
1712053 - tmux session not attached automatically during manual installation on s390x
1722446 - openssh FIPS cipher list has an extra comma in it

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
openssh-7.4p1-21.el7.src.rpm

x86_64:
openssh-7.4p1-21.el7.x86_64.rpm
openssh-askpass-7.4p1-21.el7.x86_64.rpm
openssh-clients-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-keycat-7.4p1-21.el7.x86_64.rpm
openssh-server-7.4p1-21.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
openssh-cavs-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.i686.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-ldap-7.4p1-21.el7.x86_64.rpm
openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openssh-7.4p1-21.el7.src.rpm

x86_64:
openssh-7.4p1-21.el7.x86_64.rpm
openssh-clients-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-keycat-7.4p1-21.el7.x86_64.rpm
openssh-server-7.4p1-21.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
openssh-askpass-7.4p1-21.el7.x86_64.rpm
openssh-cavs-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.i686.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-ldap-7.4p1-21.el7.x86_64.rpm
openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
openssh-7.4p1-21.el7.src.rpm

ppc64:
openssh-7.4p1-21.el7.ppc64.rpm
openssh-askpass-7.4p1-21.el7.ppc64.rpm
openssh-clients-7.4p1-21.el7.ppc64.rpm
openssh-debuginfo-7.4p1-21.el7.ppc64.rpm
openssh-keycat-7.4p1-21.el7.ppc64.rpm
openssh-server-7.4p1-21.el7.ppc64.rpm

ppc64le:
openssh-7.4p1-21.el7.ppc64le.rpm
openssh-askpass-7.4p1-21.el7.ppc64le.rpm
openssh-clients-7.4p1-21.el7.ppc64le.rpm
openssh-debuginfo-7.4p1-21.el7.ppc64le.rpm
openssh-keycat-7.4p1-21.el7.ppc64le.rpm
openssh-server-7.4p1-21.el7.ppc64le.rpm

s390x:
openssh-7.4p1-21.el7.s390x.rpm
openssh-askpass-7.4p1-21.el7.s390x.rpm
openssh-clients-7.4p1-21.el7.s390x.rpm
openssh-debuginfo-7.4p1-21.el7.s390x.rpm
openssh-keycat-7.4p1-21.el7.s390x.rpm
openssh-server-7.4p1-21.el7.s390x.rpm

x86_64:
openssh-7.4p1-21.el7.x86_64.rpm
openssh-askpass-7.4p1-21.el7.x86_64.rpm
openssh-clients-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-keycat-7.4p1-21.el7.x86_64.rpm
openssh-server-7.4p1-21.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
openssh-cavs-7.4p1-21.el7.ppc64.rpm
openssh-debuginfo-7.4p1-21.el7.ppc.rpm
openssh-debuginfo-7.4p1-21.el7.ppc64.rpm
openssh-ldap-7.4p1-21.el7.ppc64.rpm
openssh-server-sysvinit-7.4p1-21.el7.ppc64.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.ppc.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.ppc64.rpm

ppc64le:
openssh-cavs-7.4p1-21.el7.ppc64le.rpm
openssh-debuginfo-7.4p1-21.el7.ppc64le.rpm
openssh-ldap-7.4p1-21.el7.ppc64le.rpm
openssh-server-sysvinit-7.4p1-21.el7.ppc64le.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.ppc64le.rpm

s390x:
openssh-cavs-7.4p1-21.el7.s390x.rpm
openssh-debuginfo-7.4p1-21.el7.s390.rpm
openssh-debuginfo-7.4p1-21.el7.s390x.rpm
openssh-ldap-7.4p1-21.el7.s390x.rpm
openssh-server-sysvinit-7.4p1-21.el7.s390x.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.s390.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.s390x.rpm

x86_64:
openssh-cavs-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.i686.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-ldap-7.4p1-21.el7.x86_64.rpm
openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
openssh-7.4p1-21.el7.src.rpm

x86_64:
openssh-7.4p1-21.el7.x86_64.rpm
openssh-askpass-7.4p1-21.el7.x86_64.rpm
openssh-clients-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-keycat-7.4p1-21.el7.x86_64.rpm
openssh-server-7.4p1-21.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
openssh-cavs-7.4p1-21.el7.x86_64.rpm
openssh-debuginfo-7.4p1-21.el7.i686.rpm
openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
openssh-ldap-7.4p1-21.el7.x86_64.rpm
openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm
pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-15473
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

For the stable distribution (stretch), this problem has been fixed in version 1:7.4p1-10+deb9u4.

We recommend that you upgrade your openssh packages.

For the detailed security status of openssh please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openssh

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

==========================================================================
Ubuntu Security Notice USN-3809-2
August 12, 2021

openssh regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

USN-3809-1 introduced a regression in OpenSSH.

Software Description:
- openssh: secure shell (SSH) for secure access to remote machines

Details:

USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708)

It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  openssh-server 1:7.6p1-4ubuntu0.5

In general, a standard system update will make all the necessary changes

Trust: 2.61

sources: NVD: CVE-2018-15473 // JVNDB: JVNDB-2018-009191 // BID: 105140 // VULHUB: VHN-125736 // VULMON: CVE-2018-15473 // PACKETSTORM: 149694 // PACKETSTORM: 152444 // PACKETSTORM: 150190 // PACKETSTORM: 153906 // PACKETSTORM: 149037 // PACKETSTORM: 163809

AFFECTED PRODUCTS

vendor | model | scope | version | Trust
openbsd | openssh | lte | 7.7 | 1.8
debian | linux | eq | 8.0 | 1.0
redhat | enterprise linux workstation | eq | 6.0 | 1.0
netapp | data ontap edge | eq | - | 1.0
netapp | virtual storage console | gte | 7.2 | 1.0
redhat | enterprise linux desktop | eq | 7.0 | 1.0
netapp | clustered data ontap | eq | - | 1.0
canonical | ubuntu linux | eq | 16.04 | 1.0
netapp | vasa provider | gte | 7.2 | 1.0
siemens | scalance x204rna | lt | 3.2.7 | 1.0
redhat | enterprise linux desktop | eq | 6.0 | 1.0
netapp | steelstore cloud integrated storage | eq | - | 1.0
netapp | data ontap | eq | - | 1.0
netapp | oncommand unified manager | gte | 9.4 | 1.0
netapp | aff baseboard management controller | eq | - | 1.0
netapp | ontap select deploy | eq | - | 1.0
netapp | fas baseboard management controller | eq | - | 1.0
canonical | ubuntu linux | eq | 18.04 | 1.0
oracle | sun zfs storage appliance kit | eq | 8.8.6 | 1.0
redhat | enterprise linux server | eq | 7.0 | 1.0
netapp | cn1610 | eq | - | 1.0
netapp | cloud backup | eq | - | 1.0
canonical | ubuntu linux | eq | 14.04 | 1.0
redhat | enterprise linux workstation | eq | 7.0 | 1.0
netapp | service processor | eq | - | 1.0
redhat | enterprise linux server | eq | 6.0 | 1.0
netapp | storage replication adapter | gte | 7.2 | 1.0
debian | linux | eq | 9.0 | 1.0
openbsd | openssh | eq | 4.2 | 0.9
openbsd | openssh | eq | 4.4 | 0.9
openbsd | openssh | eq | 5.1 | 0.9
openbsd | openssh | eq | 5.4 | 0.9
openbsd | openssh | eq | 5.2 | 0.9
debian | gnu/linux | - | - | 0.8
openbsd | openssh | eq | 5.3 | 0.6
openbsd | openssh | eq | 4.2p1 | 0.6
openbsd | openssh | eq | 1.5.8 | 0.6
openbsd | openssh | eq | 4.0 | 0.3
ibm | vios | eq | 2.2.3.4 | 0.3
ibm | aix | eq | 7.1.1.16 | 0.3
openbsd | openssh | eq | 3.0.2 | 0.3
openbsd | openssh | eq | 1.2.3 | 0.3
openbsd | openssh | eq | 4.1 | 0.3
openbsd | openssh | eq | 2.1.x | 0.3
openbsd | openssh p1 | eq | 2.3.1 | 0.3
openbsd | openssh | eq | 4.6 | 0.3
openbsd | openssh 5.8p2 | - | - | 0.3
openbsd | openssh p1 | eq | 3.9 | 0.3
openbsd | openssh | eq | 2.1 | 0.3
openbsd | openssh | eq | 6.6 | 0.3
ibm | vios | eq | 2.2.0.13 | 0.3
mcafee | data exchange layer | eq | 4.1.2 | 0.3
redhat | enterprise linux | eq | 5 | 0.3
openbsd | openssh | eq | 6.4 | 0.3
ibm | aix | eq | 7.1.4.1 | 0.3
openbsd | openssh | eq | 3.0 | 0.3
openbsd | openssh | eq | 4.9 | 0.3
ibm | aix | eq | 6.1.7.16 | 0.3
openbsd | openssh | eq | 4.3 | 0.3
ibm | vios | eq | 2.2.1.8 | 0.3
openbsd | openssh | eq | 5.7 | 0.3
ibm | vios | eq | 2.2.3.2 | 0.3
ibm | aix | eq | 7.16 | 0.3
openbsd | openssh | eq | 3.0.1 | 0.3
oracle | linux | eq | 3.3 | 0.3
openbsd | openssh | eq | 2.2.x | 0.3
openbsd | openssh | eq | 2.9 | 0.3
ibm | aix | eq | 6.1.2 | 0.3
ibm | aix | eq | 7.1.4 | 0.3
ibm | aix | eq | 6.1.8 | 0.3
openbsd | openssh | eq | 5.0 | 0.3
ibm | aix | eq | 5.3 | 0.3
redhat | enterprise linux | eq | 6 | 0.3
openbsd | openssh | eq | 5.8 | 0.3
ibm | vios | eq | 2.2.0.10 | 0.3
ibm | aix | eq | 7.1.2.6 | 0.3
ibm | aix | eq | 5.3.12 | 0.3
ibm | aix | eq | 7.1.3.5 | 0.3
openbsd | openssh | eq | 6.0 | 0.3
openbsd | openssh | eq | 2.5.2 | 0.3
openbsd | openssh 4.3p1 | - | - | 0.3
ibm | aix | eq | 5.3.7 | 0.3
ibm | aix | eq | 6.1.7 | 0.3
ibm | aix | eq | 7.1.1.5 | 0.3
ibm | vios | eq | 2.2.3.3 | 0.3
openbsd | openssh p1 | eq | 3.0.1 | 0.3
openbsd | openssh | eq | 5.5 | 0.3
ibm | aix | eq | 6.1.75 | 0.3
ibm | aix | eq | 6.1.3 | 0.3
ibm | aix | eq | 6.1.5 | 0.3
ibm | vios | eq | 2.2.3 | 0.3
mcafee | data exchange layer hotfix | ne | 4.1.21 | 0.3
ibm | aix | eq | 5.3.126 | 0.3
openbsd | openssh | eq | 2.1.1 | 0.3
openbsd | openssh | eq | 6.3 | 0.3
ibm | aix | eq | 6.1.9.5 | 0.3
ibm | aix | eq | 5.3.12.9 | 0.3
openbsd | openssh p1 | eq | 3.0.2 | 0.3
ibm | aix | eq | 6.1.8.15 | 0.3
openbsd | openssh p2 | eq | 2.5.2 | 0.3
openbsd | openssh p1 | eq | 3.8.1 | 0.3
ibm | aix | eq | 7.1.2 | 0.3
redhat | enterprise linux | eq | 7 | 0.3
ibm | aix | eq | 6.1.4 | 0.3
ibm | aix | eq | 6.1.8.5 | 0.3
openbsd | openssh | eq | 7.7 | 0.3
openbsd | openssh | eq | 2.3.1 | 0.3
openbsd | openssh p1 | eq | 3.0 | 0.3
openbsd | openssh | eq | 5.9 | 0.3
ibm | vios | eq | 2.2.2.4 | 0.3
ibm | aix | eq | 5.3.11 | 0.3
openbsd | openssh | eq | 2.2.0 | 0.3
openbsd | openssh 4.7p1 | - | - | 0.3
ibm | aix | eq | 6.1.68 | 0.3
ibm | vios | eq | 2.2.2.0 | 0.3
ibm | vios | eq | 2.2.0.12 | 0.3
openbsd | openssh p1 | eq | 2.9 | 0.3
ibm | vios | eq | 2.2.2.5 | 0.3
openbsd | openssh p2 | eq | 2.9 | 0.3
ibm | aix | eq | 7.1.1 | 0.3
openbsd | openssh | eq | 5.6 | 0.3
ibm | vios | eq | 2.2.1.1 | 0.3
openbsd | openssh | eq | 6.1 | 0.3
ibm | aix | eq | 7.1 | 0.3
mcafee | data exchange layer | eq | 4.0 | 0.3
oracle | linux | eq | 3.4 | 0.3
openbsd | openssh 4.2p1 | - | - | 0.3
ibm | aix | eq | 5.3.8 | 0.3
openbsd | openssh | eq | 4.8 | 0.3
ibm | aix | eq | 7.2 | 0.3
ibm | aix | eq | 5.3.10 | 0.3
ibm | aix | eq | 6.1.9.6 | 0.3
ibm | aix | eq | 7.1.3 | 0.3
ibm | vios | eq | 2.2.2.6 | 0.3
ibm | vios | eq | 2.2.14 | 0.3
openbsd | openssh | eq | 1.2 | 0.3
openbsd | openssh | eq | 4.7 | 0.3
ibm | aix | eq | 7.1.2.15 | 0.3
ibm | vios | eq | 2.2.3.0 | 0.3
openbsd | openssh | eq | 6.5 | 0.3
ibm | vios | eq | 2.2.1.0 | 0.3
ibm | aix | eq | 6.1.8.7 | 0.3
ibm | aix | eq | 6.1.1 | 0.3
ibm | vios | eq | 2.2.1.3 | 0.3
ibm | aix | eq | 6.1.6 | 0.3
ibm | aix | eq | 6.1.8.6 | 0.3
ibm | vios | eq | 2.2 | 0.3
openbsd | openssh p1 | eq | 2.1.1 | 0.3
ibm | vios | eq | 2.2.0.11 | 0.3
ibm | aix l | eq | 5.3 | 0.3
ibm | aix | eq | 6.1.9 | 0.3
ibm | vios | eq | 2.2.1.9 | 0.3
ibm | aix | eq | 5.3.9 | 0.3
mcafee | data exchange layer | eq | 4.1 | 0.3
ibm | aix | eq | 7.2.0.1 | 0.3
ibm | vios | eq | 2.2.4.0 | 0.3

sources: BID: 105140 // JVNDB: JVNDB-2018-009191 // CNNVD: CNNVD-201808-536 // NVD: CVE-2018-15473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15473
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15473
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201808-536
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125736
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-15473
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15473
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-125736
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15473
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-15473
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125736 // VULMON: CVE-2018-15473 // JVNDB: JVNDB-2018-009191 // CNNVD: CNNVD-201808-536 // NVD: CVE-2018-15473

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-125736 // JVNDB: JVNDB-2018-009191 // NVD: CVE-2018-15473

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 149694 // PACKETSTORM: 149037 // CNNVD: CNNVD-201808-536

TYPE

race condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201808-536

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009191

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-125736 // VULMON: CVE-2018-15473

PATCH

title | url | Trust
[SECURITY] [DLA-1474-1] openssh security update | https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html | 0.8
#906236 | https://bugs.debian.org/906236 | 0.8
DSA-4280 | https://www.debian.org/security/2018/dsa-4280 | 0.8
delay bailout for invalid authenticating user until after the packet | https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 | 0.8
OpenSSH Security vulnerabilities | http://123.124.177.30/web/xxk/bdxqById.tag?id=84138 | 0.6
Red Hat: Low: openssh security, bug fix, and enhancement update | https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192143 - Security Advisory | 0.1
Red Hat: Low: openssh security update | https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190711 - Security Advisory | 0.1
Debian CVElist Bug Report Logs: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet | https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=03af68f4d7fde0c3fb73e02126ff3a8e | 0.1
Debian Security Advisories: DSA-4280-1 openssh -- security update | https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=2a7b5fb5e55d81eb17c62731bbbfd77a | 0.1
Ubuntu Security Notice: openssh vulnerabilities | https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3809-1 | 0.1
Debian CVElist Bug Report Logs: dropbear: CVE-2018-15599 | https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7c424f6ef8f9ae42d937439b82dd93b6 | 0.1
Amazon Linux AMI: ALAS-2018-1075 | https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1075 | 0.1
Red Hat: CVE-2018-15473 | https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-15473 | 0.1
IBM: IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in OpenSSH (CVE-2018-15473) | https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=253611bf347a972572fe2b907ea5475f | 0.1
Arch Linux Issues: | https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2018-15473 | 0.1
IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by an openssh vulnerability (CVE-2018-15473) | https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7a5223ad10e1ecdb6ac4eeefcf28a096 | 0.1
Amazon Linux 2: ALAS2-2018-1075 | https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1075 | 0.1
IBM: IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919) | https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=10fccabd4c7b965694dd52ad1484a543 | 0.1
Citrix Security Bulletins: Citrix Hypervisor Security Update | https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=93d4930e8ac6de6dc742ba1d0a2eb835 | 0.1
Symantec Security Advisories: OpenSSH Vulnerabilities Jan-Aug 2018 | https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=eafec7859e071aa17b0b5511d3b3eb53 | 0.1
IBM: IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSH | https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=09467db835e132cd1a0a8012efa155dc | 0.1
Oracle Linux Bulletins: Oracle Linux Bulletin - April 2019 | https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=0cf12ffad0c479958deb0741d0970b4e | 0.1
IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance | https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=800337bc69aa7ad92ac88a2adcc7d426 | 0.1
Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2019 | https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=d08e40deea44ef7cc7cf69a5cbffc984 | 0.1
Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019 | https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=aea3fcafd82c179d3a5dfa015e920864 | 0.1
SUF | https://github.com/ghostwalkr/SUF | 0.1
cve-2018-15473 | https://github.com/epi052/cve-2018-15473 | 0.1
CVE-2018-15473-Exploit | https://github.com/Rhynorater/CVE-2018-15473-Exploit | 0.1
cve-2018-15473 | https://github.com/Wh1t3Fox/cve-2018-15473 | 0.1
- | https://github.com/Live-Hack-CVE/CVE-2018-15473 | 0.1
CVE-2018-15473_exploit | https://github.com/pyperanger/CVE-2018-15473_exploit | 0.1
- | https://github.com/Pixiel333/Pentest-Cheat-sheet | 0.1
tools-bbounty | https://github.com/korbanbbt/tools-bbounty | 0.1
CVE-2018-15473 | https://github.com/1stPeak/CVE-2018-15473 | 0.1
cve-2018-15473 | https://github.com/cved-sources/cve-2018-15473 | 0.1
CVE-2018-15473_OpenSSH_7.7 | https://github.com/WildfootW/CVE-2018-15473_OpenSSH_7.7 | 0.1
SUOPE | https://github.com/angry-bender/SUOPE | 0.1
patch_exploit_ssh | https://github.com/gustavorobertux/patch_exploit_ssh | 0.1
CVE-2018-15473 | https://github.com/Sait-Nuri/CVE-2018-15473 | 0.1
WebMap | https://github.com/jcradarsniper/WebMap | 0.1
shodan-CVE-2018-15473 | https://github.com/66quentin/shodan-CVE-2018-15473 | 0.1
CVE-2018-15473 | https://github.com/robiul-awal/CVE-2018-15473 | 0.1
- | https://github.com/0xrobiul/CVE-2018-15473 | 0.1
CVE-2018-15473 | https://github.com/r3dxpl0it/CVE-2018-15473 | 0.1
CVE-2018-15473-exp | https://github.com/LINYIKAI/CVE-2018-15473-exp | 0.1

sources: VULMON: CVE-2018-15473 // JVNDB: JVNDB-2018-009191 // CNNVD: CNNVD-201808-536

EXTERNAL IDS

db | id | Trust
NVD | CVE-2018-15473 | 3.5
OPENWALL | OSS-SECURITY/2018/08/15/5 | 2.5
SECTRACK | 1041487 | 2.5
BID | 105140 | 2.0
EXPLOIT-DB | 45939 | 1.7
EXPLOIT-DB | 45210 | 1.7
EXPLOIT-DB | 45233 | 1.7
SIEMENS | SSA-412672 | 1.7
MCAFEE | SB10266 | 0.9
PACKETSTORM | 152444 | 0.8
JVNDB | JVNDB-2018-009191 | 0.8
CNNVD | CNNVD-201808-536 | 0.7
PACKETSTORM | 163809 | 0.7
AUSCERT | ESB-2019.1277 | 0.6
AUSCERT | ESB-2020.3514 | 0.6
AUSCERT | ESB-2019.0936 | 0.6
AUSCERT | ESB-2020.1557 | 0.6
AUSCERT | ESB-2019.1212 | 0.6
AUSCERT | ESB-2020.3462 | 0.6
AUSCERT | ESB-2020.0102 | 0.6
AUSCERT | ESB-2020.0342 | 0.6
AUSCERT | ESB-2021.2750 | 0.6
CS-HELP | SB2021081216 | 0.6
NSFOCUS | 43154 | 0.6
PACKETSTORM | 149694 | 0.2
PACKETSTORM | 149037 | 0.2
PACKETSTORM | 153906 | 0.2
PACKETSTORM | 150621 | 0.1
SEEBUG | SSVID-97503 | 0.1
VULHUB | VHN-125736 | 0.1
VULMON | CVE-2018-15473 | 0.1
PACKETSTORM | 150190 | 0.1

sources: VULHUB: VHN-125736 // VULMON: CVE-2018-15473 // BID: 105140 // JVNDB: JVNDB-2018-009191 // PACKETSTORM: 149694 // PACKETSTORM: 152444 // PACKETSTORM: 150190 // PACKETSTORM: 153906 // PACKETSTORM: 149037 // PACKETSTORM: 163809 // CNNVD: CNNVD-201808-536 // NVD: CVE-2018-15473

REFERENCES

url:http://www.securityfocus.com/bid/105140

Trust: 3.5

url:http://www.openwall.com/lists/oss-security/2018/08/15/5

Trust: 2.5

url:http://www.securitytracker.com/id/1041487

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:0711

Trust: 2.4

url:https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

Trust: 2.0

url:https://security.gentoo.org/glsa/201810-03

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2143

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Trust: 1.7

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0011

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20181101-0001/

Trust: 1.7

url:https://www.debian.org/security/2018/dsa-4280

Trust: 1.7

url:https://www.exploit-db.com/exploits/45210/

Trust: 1.7

url:https://www.exploit-db.com/exploits/45233/

Trust: 1.7

url:https://www.exploit-db.com/exploits/45939/

Trust: 1.7

url:https://bugs.debian.org/906236

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html

Trust: 1.7

url:https://usn.ubuntu.com/3809-1/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-15473

Trust: 1.4

url:https://access.redhat.com/security/cve/cve-2018-15473

Trust: 1.1

url:https://github.com/rhynorater/cve-2018-15473-exploit

Trust: 0.9

url:http://www.openssh.com

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=1619063

Trust: 0.9

url:https://www.oracle.com/technetwork/topics/security/ovmbulletinapr2019-5461368.html

Trust: 0.9

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10266

Trust: 0.9

url:http://aix.software.ibm.com/aix/efixes/security/openssh_advisory12.asc

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15473

Trust: 0.8

url:https://www.ibm.com/support/pages/node/1284766

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1284760

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1284772

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1284778

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1284784

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10880795

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170328

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170340

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170334

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170322

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170352

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170346

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-addressed-in-ibm-security-privileged-identity-manager/

Trust: 0.6

url:https://packetstormsecurity.com/files/152444/red-hat-security-advisory-2019-0711-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities-cve-2019-4674-cve-2018-15473-cve-2019-4675/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081216

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0342/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1101975

Trust: 0.6

url:https://packetstormsecurity.com/files/163809/ubuntu-security-notice-usn-3809-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/77578

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3462/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43154

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3514/

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10880777

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-have-been-addressed-in-ibm-security-directory-suite-cve-2018-15473/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1557/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-affects-ibm-integrated-analytics-system/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0102/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-openssh-vulnerabilty-cve-2018-15473/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78730

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79026

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-vulnerable-to-information-disclosure-cve-2018-15473/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2750

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10870680

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-10708

Trust: 0.2

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.6

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3809-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.11

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openssh

Trust: 0.1

url:https://launchpad.net/bugs/1934501

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-3809-2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.5

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-3809-1

Trust: 0.1

sources: VULHUB: VHN-125736 // BID: 105140 // JVNDB: JVNDB-2018-009191 // PACKETSTORM: 149694 // PACKETSTORM: 152444 // PACKETSTORM: 150190 // PACKETSTORM: 153906 // PACKETSTORM: 149037 // PACKETSTORM: 163809 // CNNVD: CNNVD-201808-536 // NVD: CVE-2018-15473

CREDITS

Red Hat, The vendor reported this issue., OpenSSL

Trust: 0.6

sources: CNNVD: CNNVD-201808-536

SOURCES

db:VULHUB id:VHN-125736
db:VULMON id:CVE-2018-15473
db:BID id:105140
db:JVNDB id:JVNDB-2018-009191
db:PACKETSTORM id:149694
db:PACKETSTORM id:152444
db:PACKETSTORM id:150190
db:PACKETSTORM id:153906
db:PACKETSTORM id:149037
db:PACKETSTORM id:163809
db:CNNVD id:CNNVD-201808-536
db:NVD id:CVE-2018-15473

LAST UPDATE DATE

2024-08-14T12:12:04.807000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-125736 date:2023-02-23T00:00:00
db:VULMON id:CVE-2018-15473 date:2023-02-23T00:00:00
db:BID id:105140 date:2019-04-19T07:00:00
db:JVNDB id:JVNDB-2018-009191 date:2018-11-09T00:00:00
db:CNNVD id:CNNVD-201808-536 date:2022-12-14T00:00:00
db:NVD id:CVE-2018-15473 date:2023-02-23T23:13:42.887

SOURCES RELEASE DATE

db:VULHUB id:VHN-125736 date:2018-08-17T00:00:00
db:VULMON id:CVE-2018-15473 date:2018-08-17T00:00:00
db:BID id:105140 date:2018-08-16T00:00:00
db:JVNDB id:JVNDB-2018-009191 date:2018-11-09T00:00:00
db:PACKETSTORM id:149694 date:2018-10-07T19:19:00
db:PACKETSTORM id:152444 date:2019-04-09T17:52:27
db:PACKETSTORM id:150190 date:2018-11-06T21:04:06
db:PACKETSTORM id:153906 date:2019-08-06T20:56:04
db:PACKETSTORM id:149037 date:2018-08-22T18:18:00
db:PACKETSTORM id:163809 date:2021-08-12T15:49:43
db:CNNVD id:CNNVD-201808-536 date:2018-08-20T00:00:00
db:NVD id:CVE-2018-15473 date:2018-08-17T19:29:00.223