Vulnerabilities > CVE-2018-15473 - Race Condition vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Exploit-Db
file exploits/linux/remote/45939.py id EDB-ID:45939 last seen 2018-12-04 modified 2018-12-04 platform linux port 22 published 2018-12-04 reporter Exploit-DB source https://www.exploit-db.com/download/45939 title OpenSSH < 7.7 - User Enumeration (2) type remote description OpenSSH 7.7 - Username Enumeration. CVE-2018-15473. Remote exploit for Linux platform file exploits/linux/remote/45233.py id EDB-ID:45233 last seen 2018-08-21 modified 2018-08-21 platform linux port published 2018-08-21 reporter Exploit-DB source https://www.exploit-db.com/download/45233/ title OpenSSH 7.7 - Username Enumeration type remote id EDB-ID:45210
Metasploit
description | This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST packet using public key authentication (must be enabled) to enumerate users. On some versions of OpenSSH under some configurations, OpenSSH will return a "permission denied" error for an invalid user faster than for a valid user, creating an opportunity for a timing attack to enumerate users. Testing note: invalid users were logged, while valid users were not. YMMV. |
id | MSF:AUXILIARY/SCANNER/SSH/SSH_ENUMUSERS |
last seen | 2020-02-17 |
modified | 2018-09-15 |
published | 2014-04-28 |
references |
|
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/ssh/ssh_enumusers.rb |
title | SSH Username Enumeration |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1474.NASL description It was discovered that there was a user enumeration vulnerability in OpenSSH. A remote attacker couldtest whether a certain user exists on a target server. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 112050 published 2018-08-22 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112050 title Debian DLA-1474-1 : openssh security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1474-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(112050); script_version("1.4"); script_cvs_date("Date: 2019/04/05 23:25:05"); script_cve_id("CVE-2018-15473"); script_name(english:"Debian DLA-1474-1 : openssh security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was discovered that there was a user enumeration vulnerability in OpenSSH. A remote attacker couldtest whether a certain user exists on a target server. For Debian 8 'Jessie', this issue has been fixed in openssh version 1:6.7p1-5+deb8u5. We recommend that you upgrade your openssh packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/openssh" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-client-udeb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-server-udeb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-sftp-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ssh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ssh-askpass-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ssh-krb5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"openssh-client", reference:"1:6.7p1-5+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"openssh-client-udeb", reference:"1:6.7p1-5+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"openssh-server", reference:"1:6.7p1-5+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"openssh-server-udeb", reference:"1:6.7p1-5+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"openssh-sftp-server", reference:"1:6.7p1-5+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"ssh", reference:"1:6.7p1-5+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"ssh-askpass-gnome", reference:"1:6.7p1-5+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"ssh-krb5", reference:"1:6.7p1-5+deb8u5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2018-065A7722EE.NASL description New upstream release with security fix for CVE-2018-15473 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120214 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120214 title Fedora 28 : openssh (2018-065a7722ee) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-065a7722ee. # include("compat.inc"); if (description) { script_id(120214); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-15473"); script_xref(name:"FEDORA", value:"2018-065a7722ee"); script_name(english:"Fedora 28 : openssh (2018-065a7722ee)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "New upstream release with security fix for CVE-2018-15473 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-065a7722ee" ); script_set_attribute( attribute:"solution", value:"Update the affected openssh package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssh"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"openssh-7.8p1-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20190409_OPENSSH_ON_SL6_X.NASL description Security Fix(es) : - openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) last seen 2020-03-18 modified 2019-04-10 plugin id 123966 published 2019-04-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123966 title Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20190409) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(123966); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2018-15473"); script_name(english:"Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20190409)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1904&L=SCIENTIFIC-LINUX-ERRATA&P=748 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bd0cc0cf" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh-askpass"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pam_ssh_agent_auth"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"openssh-5.3p1-124.el6_10")) flag++; if (rpm_check(release:"SL6", reference:"openssh-askpass-5.3p1-124.el6_10")) flag++; if (rpm_check(release:"SL6", reference:"openssh-clients-5.3p1-124.el6_10")) flag++; if (rpm_check(release:"SL6", reference:"openssh-debuginfo-5.3p1-124.el6_10")) flag++; if (rpm_check(release:"SL6", reference:"openssh-ldap-5.3p1-124.el6_10")) flag++; if (rpm_check(release:"SL6", reference:"openssh-server-5.3p1-124.el6_10")) flag++; if (rpm_check(release:"SL6", reference:"pam_ssh_agent_auth-0.9.3-124.el6_10")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh / openssh-askpass / openssh-clients / openssh-debuginfo / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0711.NASL description An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 123916 published 2019-04-09 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123916 title RHEL 6 : openssh (RHSA-2019:0711) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1075.NASL description OpenSSH is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) last seen 2020-06-01 modified 2020-06-02 plugin id 117347 published 2018-09-07 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117347 title Amazon Linux AMI : openssh (ALAS-2018-1075) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0126_OPENSSH.NASL description An update of the openssh package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 122030 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122030 title Photon OS 2.0: Openssh PHSA-2019-2.0-0126 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3809-1.NASL description Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118795 published 2018-11-07 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118795 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : openssh vulnerabilities (USN-3809-1) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0091_OPENSSH.NASL description The remote NewStart CGSL host, running version MAIN 4.06, has openssh packages installed that are affected by a vulnerability: - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (CVE-2018-15473) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127310 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127310 title NewStart CGSL MAIN 4.06 : openssh Vulnerability (NS-SA-2019-0091) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2143.NASL description An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127683 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127683 title RHEL 7 : openssh (RHSA-2019:2143) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3686-1.NASL description This update for openssh fixes the following issues : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or last seen 2020-06-01 modified 2020-06-02 plugin id 120162 published 2019-01-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120162 title SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2018:3686-1) NASL family Firewalls NASL id PFSENSE_SA-18_08.NASL description According to its self-reported version number, the remote pfSense install is a version 2.3.x prior or equal to 2.3.5-p2 or 2.4.x prior to 2.4.3-p1. It is, therefore, affected by multiple vulnerabilities: - Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. (CVE-2018-3620) - An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP. (CVE-2018-16055) - a denial of service vulnerability exists in the ip fragment reassembly code due to excessive system resource consumption. This issue can allow a remote attacker who is able to send arbitrary ip fragments to cause the machine to consume excessive resources. (CVE-2018-6923) last seen 2020-06-01 modified 2020-06-02 plugin id 119887 published 2018-12-27 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119887 title pfSense 2.3.x <= 2.3.5-p2 / 2.4.x < 2.4.4 Multiple Vulnerabilities (SA-18_06 / SA-18_07 / SA-18_08) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3910-1.NASL description This update for openssh fixes the following issues : Following security issues have been fixed : CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 119213 published 2018-11-27 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119213 title SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2018:3910-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1426.NASL description According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.(CVE-2017-15906) - In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.(CVE-2018-20685) - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.(CVE-2019-6109) - An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).(CVE-2019-6111) - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124929 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124929 title EulerOS Virtualization 3.0.1.0 : openssh (EulerOS-SA-2019-1426) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1008.NASL description According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-01-08 plugin id 120996 published 2019-01-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120996 title EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1008) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0711.NASL description An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 124034 published 2019-04-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124034 title CentOS 6 : openssh (CESA-2019:0711) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1411.NASL description According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 119900 published 2018-12-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119900 title EulerOS Virtualization 2.5.1 : openssh (EulerOS-SA-2018-1411) NASL family Fedora Local Security Checks NASL id FEDORA_2018-F56DED11C4.NASL description Security fix for CVE-2018-15473 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-09-14 plugin id 117491 published 2018-09-14 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117491 title Fedora 27 : openssh (2018-f56ded11c4) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1476.NASL description A vulnerability in dropbear, a lightweight SSH2 server and client, making it possible to guess valid usernames has been found : CVE-2018-15599 : The recv_msg_userauth_request function in svr-auth.c in is prone to a user enumeration vulnerability, similar to CVE-2018-15473 in OpenSSH. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 112125 published 2018-08-28 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112125 title Debian DLA-1476-1 : dropbear security update NASL family Scientific Linux Local Security Checks NASL id SL_20190806_OPENSSH_ON_SL7_X.NASL description Security Fix(es) : - openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) last seen 2020-03-18 modified 2019-08-27 plugin id 128246 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128246 title Scientific Linux Security Update : openssh on SL7.x x86_64 (20190806) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-1075.NASL description OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) last seen 2020-06-01 modified 2020-06-02 plugin id 117708 published 2018-09-27 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117708 title Amazon Linux 2 : openssh (ALAS-2018-1075) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0155_OPENSSH.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has openssh packages installed that are affected by a vulnerability: - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (CVE-2018-15473) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127431 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127431 title NewStart CGSL MAIN 4.05 : openssh Vulnerability (NS-SA-2019-0155) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1477.NASL description This update for openssh fixes the following issues : Following security issues have been fixed : - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed : - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure [bsc#1091396] This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-05 modified 2018-11-30 plugin id 119295 published 2018-11-30 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119295 title openSUSE Security Update : openssh (openSUSE-2018-1477) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2019-0013.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix for CVE-2018-15473: User enumeration via malformed packets in authentication requests last seen 2020-06-01 modified 2020-06-02 plugin id 124013 published 2019-04-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124013 title OracleVM 3.3 / 3.4 : openssh (OVMSA-2019-0013) NASL family AIX Local Security Checks NASL id AIX_OPENSSH_ADVISORY12.NASL description The remote AIX host has a version of OpenSSH installed that is affected by a vulnerability that allows a remote attacker to obtain sensitive information, caused by different responses to valid and invalid authentication attempts. By sending a specially crafted request, an attacker could exploit this vulnerability to enumerate valid usernames. last seen 2020-06-01 modified 2020-06-02 plugin id 136325 published 2020-05-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136325 title AIX OpenSSH Advisory : openssh_advisory12.asc NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0711.NASL description From Red Hat Security Advisory 2019:0711 : An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 123986 published 2019-04-11 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123986 title Oracle Linux 6 : openssh (ELSA-2019-0711) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1405.NASL description According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-12-10 plugin id 119533 published 2018-12-10 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119533 title EulerOS 2.0 SP3 : openssh (EulerOS-SA-2018-1405) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3781-1.NASL description This update for openssh fixes the following issues : Following security issues have been fixed : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or last seen 2020-06-01 modified 2020-06-02 plugin id 119032 published 2018-11-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119032 title SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3781-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1198.NASL description According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.i1/4^CVE-2018-15473i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-04-09 plugin id 123884 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123884 title EulerOS Virtualization 2.5.3 : openssh (EulerOS-SA-2019-1198) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1199.NASL description According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123885 published 2019-04-09 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123885 title EulerOS Virtualization 2.5.4 : openssh (EulerOS-SA-2019-1199) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2143.NASL description An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 128363 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128363 title CentOS 7 : openssh (CESA-2019:2143) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3776-1.NASL description This update for openssh fixes the following issues : Following security issues have been fixed : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or last seen 2020-06-01 modified 2020-06-02 plugin id 119031 published 2018-11-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119031 title SUSE SLES12 Security Update : openssh (SUSE-SU-2018:3776-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1431.NASL description According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-12-28 plugin id 119920 published 2018-12-28 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119920 title EulerOS 2.0 SP2 : openssh (EulerOS-SA-2018-1431) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3540-1.NASL description This update for openssh fixes the following issues : Security issues fixed : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or last seen 2020-06-01 modified 2020-06-02 plugin id 118498 published 2018-10-30 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118498 title SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3540-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1413.NASL description According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 119902 published 2018-12-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119902 title EulerOS Virtualization 2.5.2 : openssh (EulerOS-SA-2018-1413) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4280.NASL description Dariusz Tytko, Michal Sajdak and Qualys Security discovered that OpenSSH, an implementation of the SSH protocol suite, was prone to a user enumeration vulnerability. This would allow a remote attacker to check whether a specific user account existed on the target server. last seen 2020-06-01 modified 2020-06-02 plugin id 112066 published 2018-08-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112066 title Debian DSA-4280-1 : openssh - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1419.NASL description This update for openssh fixes the following issues : - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or last seen 2020-06-05 modified 2018-11-19 plugin id 119024 published 2018-11-19 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119024 title openSUSE Security Update : openssh (openSUSE-2018-1419) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-914.NASL description This update for openssh fixes the following issues : - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or last seen 2020-06-01 modified 2020-06-02 plugin id 123374 published 2019-03-27 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123374 title openSUSE Security Update : openssh (openSUSE-2019-914) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201810-03.NASL description The remote host is affected by the vulnerability described in GLSA-201810-03 (OpenSSH: User enumeration vulnerability) It was discovered that OpenSSH was prone to a user enumeration vulnerability. Impact : A remote attacker could conduct user enumeration. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 117968 published 2018-10-09 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117968 title GLSA-201810-03 : OpenSSH: User enumeration vulnerability NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0137_OPENSSH-LATEST.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by a vulnerability: - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (CVE-2018-15473) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127398 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127398 title NewStart CGSL MAIN 4.05 : openssh-latest Vulnerability (NS-SA-2019-0137)
Packetstorm
data source | https://packetstormsecurity.com/files/download/150621/openssh77-enumerate.txt |
id | PACKETSTORM:150621 |
last seen | 2018-12-06 |
published | 2018-12-05 |
reporter | Matthew Daley |
source | https://packetstormsecurity.com/files/150621/OpenSSH-User-Enumeration.html |
title | OpenSSH User Enumeration |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.openwall.com/lists/oss-security/2018/08/15/5
- http://www.openwall.com/lists/oss-security/2018/08/15/5
- http://www.securityfocus.com/bid/105140
- http://www.securityfocus.com/bid/105140
- http://www.securitytracker.com/id/1041487
- http://www.securitytracker.com/id/1041487
- https://access.redhat.com/errata/RHSA-2019:0711
- https://access.redhat.com/errata/RHSA-2019:0711
- https://access.redhat.com/errata/RHSA-2019:2143
- https://access.redhat.com/errata/RHSA-2019:2143
- https://bugs.debian.org/906236
- https://bugs.debian.org/906236
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
- https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
- https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html
- https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
- https://security.gentoo.org/glsa/201810-03
- https://security.gentoo.org/glsa/201810-03
- https://security.netapp.com/advisory/ntap-20181101-0001/
- https://security.netapp.com/advisory/ntap-20181101-0001/
- https://usn.ubuntu.com/3809-1/
- https://usn.ubuntu.com/3809-1/
- https://www.debian.org/security/2018/dsa-4280
- https://www.debian.org/security/2018/dsa-4280
- https://www.exploit-db.com/exploits/45210/
- https://www.exploit-db.com/exploits/45210/
- https://www.exploit-db.com/exploits/45233/
- https://www.exploit-db.com/exploits/45233/
- https://www.exploit-db.com/exploits/45939/
- https://www.exploit-db.com/exploits/45939/
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html