CVE-2016-8858 - Resource Management Errors vulnerability in OpenBSD OpenSSH

CVSS 7.5 - HIGH

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Tags: network, low complexity, openbsd, CWE-399, nessus

Summary

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-184.NASL
    description: This update for openssh fixes several issues. These security issues were fixed : - CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests (bsc#1005480). - CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) did not ensure that a bounds check is enforced by all compilers, which might allowed local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures (bsc#1016370). - CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c allowed remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket (bsc#1016366). - CVE-2016-10010: When forwarding unix domain sockets with privilege separation disabled, the resulting sockets have be created as
    last seen: 2020-06-05
    modified: 2017-02-01
    plugin id: 96919
    published: 2017-02-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96919
    title: openSUSE Security Update : openssh (openSUSE-2017-184)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-184.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96919);
      script_version("3.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-8858");
    
      script_name(english:"openSUSE Security Update : openssh (openSUSE-2017-184)");
      script_summary(english:"Check for the openSUSE-2017-184 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for openssh fixes several issues.
    
    These security issues were fixed :
    
      - CVE-2016-8858: The kex_input_kexinit function in kex.c
        allowed remote attackers to cause a denial of service
        (memory consumption) by sending many duplicate KEXINIT
        requests (bsc#1005480).
    
      - CVE-2016-10012: The shared memory manager (associated
        with pre-authentication compression) did not ensure that
        a bounds check is enforced by all compilers, which might
        allowed local users to gain privileges by leveraging
        access to a sandboxed privilege-separation process,
        related to the m_zback and m_zlib data structures
        (bsc#1016370).
    
      - CVE-2016-10009: Untrusted search path vulnerability in
        ssh-agent.c allowed remote attackers to execute
        arbitrary local PKCS#11 modules by leveraging control
        over a forwarded agent-socket (bsc#1016366).
    
      - CVE-2016-10010: When forwarding unix domain sockets with
        privilege separation disabled, the resulting sockets
        have be created as 'root' instead of the authenticated
        user. Forwarding unix domain sockets without privilege
        separation enabled is now rejected.
    
      - CVE-2016-10011: authfile.c in sshd did not properly
        consider the effects of realloc on buffer contents,
        which might allowed local users to obtain sensitive
        private-key information by leveraging access to a
        privilege-separated child process (bsc#1016369).
    
    These non-security issues were fixed :
    
      - Adjusted suggested command for removing conflicting
        server keys from the known_hosts file (bsc#1006221)
    
      - Properly verify CIDR masks in configuration (bsc#1005893
        bsc#1021626)
    
    This update was imported from the SUSE:SLE-12-SP2:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005480"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1006221"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1016366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1016368"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1016369"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1016370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021626"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssh packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh-askpass-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh-askpass-gnome-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh-cavs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh-fips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh-helpers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh-helpers-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"openssh-7.2p2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"openssh-askpass-gnome-7.2p2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"openssh-askpass-gnome-debuginfo-7.2p2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"openssh-cavs-7.2p2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"openssh-debuginfo-7.2p2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"openssh-debugsource-7.2p2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"openssh-fips-7.2p2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"openssh-helpers-7.2p2-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"openssh-helpers-debuginfo-7.2p2-9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh-askpass-gnome / openssh-askpass-gnome-debuginfo / openssh / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0606-1.NASL
    description: This update for openssh fixes the following issues: Security issues fixed : - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) Non security issues fixed : - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97570
    published: 2017-03-07
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97570
    title: SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0606-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:0606-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97570);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/11 11:22:15");
    
      script_cve_id("CVE-2016-10009", "CVE-2016-10011", "CVE-2016-8858");
    
      script_name(english:"SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0606-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for openssh fixes the following issues: Security issues
    fixed :
    
      - CVE-2016-8858: prevent resource depletion during key
        exchange (bsc#1005480)
    
      - CVE-2016-10009: limit directories for loading PKCS11
        modules to avoid privilege escalation (bsc#1016366)
    
      - CVE-2016-10011: Prevent possible leaks of host private
        keys to low-privilege process handling authentication
        (bsc#1016369) Non security issues fixed :
    
      - Properly verify CIDR masks in the AllowUsers and
        DenyUsers configuration lists (bsc#1005893)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005480"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1016366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1016369"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10009/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10011/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-8858/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20170606-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?67b25b28"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 5:zypper in -t patch sleclo50sp3-openssh-13005=1
    
    SUSE Manager Proxy 2.1:zypper in -t patch slemap21-openssh-13005=1
    
    SUSE Manager 2.1:zypper in -t patch sleman21-openssh-13005=1
    
    SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
    slessp3-openssh-13005=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-openssh-13005=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
    dbgsp3-openssh-13005=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh-askpass");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"3", reference:"openssh-6.2p2-0.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"openssh-askpass-6.2p2-0.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"openssh-askpass-gnome-6.2p2-0.40.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0264-1.NASL
    description: This update for openssh fixes several issues. These security issues were fixed : - CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests (bsc#1005480). - CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) did not ensure that a bounds check is enforced by all compilers, which might allowed local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures (bsc#1016370). - CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c allowed remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket (bsc#1016366). - CVE-2016-10010: When forwarding unix domain sockets with privilege separation disabled, the resulting sockets have be created as
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96718
    published: 2017-01-24
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96718
    title: SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2017:0264-1)
  • NASL family: Junos Local Security Checks
    NASL id: JUNIPER_JSA10837.NASL
    description: According to its self-reported version number, the remote Junos device is affected by a denial of service vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106394
    published: 2018-01-26
    reporter: This script is Copyright (C) 2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/106394
    title: Juniper Junos Key Exchange Initialization Handling Memory Exhaustion Remote DoS (JSA10837)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0607-1.NASL
    description: This update for openssh fixes the following issues : - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) - Fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97571
    published: 2017-03-07
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97571
    title: SUSE SLES12 Security Update : openssh (SUSE-SU-2017:0607-1)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2016-0014.NASL
    description: An update of [ openssh , linux ] packages for PhotonOS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111848
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111848
    title: Photon OS 1.0: Linux / Openssh PHSA-2016-0014 (deprecated)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201612-18.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201612-18 (OpenSSH: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could cause Denial of Service and conduct user enumeration. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95604
    published: 2016-12-07
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95604
    title: GLSA-201612-18 : OpenSSH: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-339.NASL
    description: This update for openssh fixes the following issues : - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) - Fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) This update was imported from the SUSE:SLE-12:Update update project.
    last seen: 2020-06-05
    modified: 2017-03-14
    plugin id: 97716
    published: 2017-03-14
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97716
    title: openSUSE Security Update : openssh (openSUSE-2017-339)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2016-0014_OPENSSH.NASL
    description: An update of the openssh package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121659
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121659
    title: Photon OS 1.0: Openssh PHSA-2016-0014
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0607-3.NASL
    description: This update for openssh fixes the following issues : - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) - Fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97653
    published: 2017-03-10
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97653
    title: SUSE SLES12 Security Update : openssh (SUSE-SU-2017:0607-3)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1006.NASL
    description: According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that
    last seen: 2020-05-06
    modified: 2017-05-01
    plugin id: 99852
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99852
    title: EulerOS 2.0 SP1 : openssh (EulerOS-SA-2017-1006)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0607-2.NASL
    description: This update for openssh fixes the following issues : - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) - Fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97652
    published: 2017-03-10
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97652
    title: SUSE SLED12 Security Update : openssh (SUSE-SU-2017:0607-2)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_6A2CFCDC9DEA11E6A29814DAE9D210B8.NASL
    description: When processing the SSH_MSG_KEXINIT message, the server could allocate up to a few hundreds of megabytes of memory per each connection, before any authentication take place. Impact : A remote attacker may be able to cause a SSH server to allocate an excessive amount of memory. Note that the default MaxStartups setting on FreeBSD will limit the effectiveness of this attack.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94418
    published: 2016-10-31
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94418
    title: FreeBSD : FreeBSD -- OpenSSH Remote Denial of Service vulnerability (6a2cfcdc-9dea-11e6-a298-14dae9d210b8)
  • NASL family: Firewalls
    NASL id: PFSENSE_SA-17_03.NASL
    description: According to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106503
    published: 2018-01-31
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106503
    title: pfSense < 2.3.3 Multiple Vulnerabilities (SA-17_01 - SA-17_03)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-0603-1.NASL
    description: This update for openssh fixes the following issues: Security issues fixed : - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) Non security issues fixed : - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893) - fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97549
    published: 2017-03-06
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97549
    title: SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0603-1)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_OPENSSH_ADVISORY10.NASL
    description: The remote AIX host has a version of OpenSSH installed that is affected by the following vulnerabilities : - OpenSSH is vulnerable to a denial of service, caused by an error in the kex_input_kexinit() function. By sending specially crafted data during the key exchange process, a remote attacker could exploit this vulnerability to consume all available memory resources. (CVE-2016-8858) - OpenSSH could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the loading of a specially crafted PKCS#11 module across a forwarded agent channel. An attacker could exploit this vulnerability to write files or execute arbitrary code on the system. (CVE-2016-10009) - OpenSSH could allow a local authenticated attacker to obtain sensitive information, caused by a privilege separation flaw. An attacker could exploit this vulnerability to obtain host private key material and other sensitive information. (CVE-2016-10011) - OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by improper bounds checking in the shared memory manager. An attacker could exploit this vulnerability to gain elevated privileges on the system. (CVE-2016-10012)
    last seen: 2020-05-06
    modified: 2020-05-05
    plugin id: 136324
    published: 2020-05-05
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136324
    title: AIX OpenSSH Advisory : openssh_advisory10.asc

References