CVE-2018-15473 - Race Condition vulnerability in multiple products

CVSS 5.3 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: LOW
  • Integrity impact: NONE
  • Availability impact: NONE

Tags: network, low complexity, openbsd, debian, redhat, canonical, netapp, oracle, siemens, CWE-362, nessus, exploit available, metasploit

Summary

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Vulnerable Configurations

Part         Description  Count
Application  Openbsd      239
Application  Netapp       14
Application  Oracle       1
OS           Debian       2
OS           Redhat       6
OS           Canonical    3
OS           Netapp       3
OS           Siemens      1
Hardware     Netapp       1
Hardware     Siemens      1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Exploit-Db

  • file: exploits/linux/remote/45939.py
    id: EDB-ID:45939
    last seen: 2018-12-04
    modified: 2018-12-04
    platform: linux
    port: 22
    published: 2018-12-04
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/45939
    title: OpenSSH < 7.7 - User Enumeration (2)
    type: remote
  • description: OpenSSH 7.7 - Username Enumeration. CVE-2018-15473. Remote exploit for Linux platform
    file: exploits/linux/remote/45233.py
    id: EDB-ID:45233
    last seen: 2018-08-21
    modified: 2018-08-21
    platform: linux
    port:
    published: 2018-08-21
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/45233/
    title: OpenSSH 7.7 - Username Enumeration
    type: remote
  • id: EDB-ID:45210

Metasploit

description: This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST packet using public key authentication (must be enabled) to enumerate users. On some versions of OpenSSH under some configurations, OpenSSH will return a "permission denied" error for an invalid user faster than for a valid user, creating an opportunity for a timing attack to enumerate users. Testing note: invalid users were logged, while valid users were not. YMMV.
id: MSF:AUXILIARY/SCANNER/SSH/SSH_ENUMUSERS
last seen: 2020-02-17
modified: 2018-09-15
published: 2014-04-28
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/ssh/ssh_enumusers.rb
title: SSH Username Enumeration

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1474.NASL
    description: It was discovered that there was a user enumeration vulnerability in OpenSSH. A remote attacker could test whether a certain user exists on a target server. For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 112050
    published: 2018-08-22
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/112050
    title: Debian DLA-1474-1 : openssh security update
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1474-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(112050);
      script_version("1.4");
      script_cvs_date("Date: 2019/04/05 23:25:05");
    
      script_cve_id("CVE-2018-15473");
    
      script_name(english:"Debian DLA-1474-1 : openssh security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that there was a user enumeration vulnerability in
    OpenSSH. A remote attacker couldtest whether a certain user exists on
    a target server.
    
    For Debian 8 'Jessie', this issue has been fixed in openssh version
    1:6.7p1-5+deb8u5.
    
    We recommend that you upgrade your openssh packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/openssh"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-client-udeb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-server-udeb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-sftp-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ssh-askpass-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ssh-krb5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"openssh-client", reference:"1:6.7p1-5+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"openssh-client-udeb", reference:"1:6.7p1-5+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"openssh-server", reference:"1:6.7p1-5+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"openssh-server-udeb", reference:"1:6.7p1-5+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"openssh-sftp-server", reference:"1:6.7p1-5+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"ssh", reference:"1:6.7p1-5+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"ssh-askpass-gnome", reference:"1:6.7p1-5+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"ssh-krb5", reference:"1:6.7p1-5+deb8u5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-065A7722EE.NASL
    description: New upstream release with security fix for CVE-2018-15473. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2019-01-03
    plugin id: 120214
    published: 2019-01-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120214
    title: Fedora 28 : openssh (2018-065a7722ee)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-065a7722ee.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120214);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-15473");
      script_xref(name:"FEDORA", value:"2018-065a7722ee");
    
      script_name(english:"Fedora 28 : openssh (2018-065a7722ee)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New upstream release with security fix for CVE-2018-15473
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-065a7722ee"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssh package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssh");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"openssh-7.8p1-1.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh");
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20190409_OPENSSH_ON_SL6_X.NASL
    description: Security Fix(es) : - openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
    last seen: 2020-03-18
    modified: 2019-04-10
    plugin id: 123966
    published: 2019-04-10
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123966
    title: Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20190409)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123966);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2018-15473");
    
      script_name(english:"Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20190409)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - openssh: User enumeration via malformed packets in
        authentication requests (CVE-2018-15473)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1904&L=SCIENTIFIC-LINUX-ERRATA&P=748
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bd0cc0cf"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh-askpass");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssh-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pam_ssh_agent_auth");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"openssh-5.3p1-124.el6_10")) flag++;
    if (rpm_check(release:"SL6", reference:"openssh-askpass-5.3p1-124.el6_10")) flag++;
    if (rpm_check(release:"SL6", reference:"openssh-clients-5.3p1-124.el6_10")) flag++;
    if (rpm_check(release:"SL6", reference:"openssh-debuginfo-5.3p1-124.el6_10")) flag++;
    if (rpm_check(release:"SL6", reference:"openssh-ldap-5.3p1-124.el6_10")) flag++;
    if (rpm_check(release:"SL6", reference:"openssh-server-5.3p1-124.el6_10")) flag++;
    if (rpm_check(release:"SL6", reference:"pam_ssh_agent_auth-0.9.3-124.el6_10")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh / openssh-askpass / openssh-clients / openssh-debuginfo / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0711.NASL
    description: An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123916
    published: 2019-04-09
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123916
    title: RHEL 6 : openssh (RHSA-2019:0711)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2018-1075.NASL
    description: OpenSSH is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (CVE-2018-15473)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 117347
    published: 2018-09-07
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/117347
    title: Amazon Linux AMI : openssh (ALAS-2018-1075)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-2_0-0126_OPENSSH.NASL
    description: An update of the openssh package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122030
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122030
    title: Photon OS 2.0: Openssh PHSA-2019-2.0-0126
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3809-1.NASL
    description: Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118795
    published: 2018-11-07
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118795
    title: Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : openssh vulnerabilities (USN-3809-1)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0091_OPENSSH.NASL
    description: The remote NewStart CGSL host, running version MAIN 4.06, has openssh packages installed that are affected by a vulnerability: - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (CVE-2018-15473) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127310
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127310
    title: NewStart CGSL MAIN 4.06 : openssh Vulnerability (NS-SA-2019-0091)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-2143.NASL
    description: An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127683
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127683
    title: RHEL 7 : openssh (RHSA-2019:2143)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-3686-1.NASL
    description: This update for openssh fixes the following issues : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 120162
    published: 2019-01-02
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120162
    title: SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2018:3686-1)
  • NASL family: Firewalls
    NASL id: PFSENSE_SA-18_08.NASL
    description: According to its self-reported version number, the remote pfSense install is a version 2.3.x prior or equal to 2.3.5-p2 or 2.4.x prior to 2.4.3-p1. It is, therefore, affected by multiple vulnerabilities: - Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. (CVE-2018-3620) - An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP. (CVE-2018-16055) - a denial of service vulnerability exists in the ip fragment reassembly code due to excessive system resource consumption. This issue can allow a remote attacker who is able to send arbitrary ip fragments to cause the machine to consume excessive resources. (CVE-2018-6923)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119887
    published: 2018-12-27
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119887
    title: pfSense 2.3.x <= 2.3.5-p2 / 2.4.x < 2.4.4 Multiple Vulnerabilities (SA-18_06 / SA-18_07 / SA-18_08)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-3910-1.NASL
    description: This update for openssh fixes the following issues : Following security issues have been fixed : CVE-2018-15473: OpenSSH was prone to a user existence oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119213
    published: 2018-11-27
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119213
    title: SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2018:3910-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1426.NASL
    description: According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. (CVE-2017-15906) - In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. (CVE-2018-20685) - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. (CVE-2019-6109) - An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). (CVE-2019-6111) - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124929
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124929
    title: EulerOS Virtualization 3.0.1.0 : openssh (EulerOS-SA-2019-1426)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1008.NASL
    descriptionAccording to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-01-08
    plugin id120996
    published2019-01-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120996
    titleEulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1008)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0711.NASL
    descriptionAn update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124034
    published2019-04-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124034
    titleCentOS 6 : openssh (CESA-2019:0711)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1411.NASL
    descriptionAccording to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119900
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119900
    titleEulerOS Virtualization 2.5.1 : openssh (EulerOS-SA-2018-1411)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-F56DED11C4.NASL
    descriptionSecurity fix for CVE-2018-15473 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-09-14
    plugin id117491
    published2018-09-14
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117491
    titleFedora 27 : openssh (2018-f56ded11c4)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1476.NASL
    descriptionA vulnerability in dropbear, a lightweight SSH2 server and client, making it possible to guess valid usernames has been found : CVE-2018-15599 : The recv_msg_userauth_request function in svr-auth.c in is prone to a user enumeration vulnerability, similar to CVE-2018-15473 in OpenSSH. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id112125
    published2018-08-28
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112125
    titleDebian DLA-1476-1 : dropbear security update
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_OPENSSH_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
    last seen2020-03-18
    modified2019-08-27
    plugin id128246
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128246
    titleScientific Linux Security Update : openssh on SL7.x x86_64 (20190806)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1075.NASL
    descriptionOpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473)
    last seen2020-06-01
    modified2020-06-02
    plugin id117708
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117708
    titleAmazon Linux 2 : openssh (ALAS-2018-1075)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0155_OPENSSH.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has openssh packages installed that are affected by a vulnerability: - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (CVE-2018-15473) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127431
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127431
    titleNewStart CGSL MAIN 4.05 : openssh Vulnerability (NS-SA-2019-0155)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1477.NASL
    descriptionThis update for openssh fixes the following issues : Following security issues have been fixed : - CVE-2018-15473: OpenSSH was prone to a user existence oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed : - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure [bsc#1091396] This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2018-11-30
    plugin id119295
    published2018-11-30
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119295
    titleopenSUSE Security Update : openssh (openSUSE-2018-1477)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0013.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix for CVE-2018-15473: User enumeration via malformed packets in authentication requests
    last seen2020-06-01
    modified2020-06-02
    plugin id124013
    published2019-04-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124013
    titleOracleVM 3.3 / 3.4 : openssh (OVMSA-2019-0013)
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSH_ADVISORY12.NASL
    descriptionThe remote AIX host has a version of OpenSSH installed that is affected by a vulnerability that allows a remote attacker to obtain sensitive information, caused by different responses to valid and invalid authentication attempts. By sending a specially crafted request, an attacker could exploit this vulnerability to enumerate valid usernames.
    last seen2020-06-01
    modified2020-06-02
    plugin id136325
    published2020-05-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136325
    titleAIX OpenSSH Advisory : openssh_advisory12.asc
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0711.NASL
    descriptionFrom Red Hat Security Advisory 2019:0711 : An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id123986
    published2019-04-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123986
    titleOracle Linux 6 : openssh (ELSA-2019-0711)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1405.NASL
    descriptionAccording to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-12-10
    plugin id119533
    published2018-12-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119533
    titleEulerOS 2.0 SP3 : openssh (EulerOS-SA-2018-1405)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3781-1.NASL
    descriptionThis update for openssh fixes the following issues : Following security issues have been fixed : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or
    last seen2020-06-01
    modified2020-06-02
    plugin id119032
    published2018-11-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119032
    titleSUSE SLES11 Security Update : openssh (SUSE-SU-2018:3781-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1198.NASL
    descriptionAccording to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123884
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123884
    titleEulerOS Virtualization 2.5.3 : openssh (EulerOS-SA-2019-1198)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1199.NASL
    descriptionAccording to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123885
    published2019-04-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123885
    titleEulerOS Virtualization 2.5.4 : openssh (EulerOS-SA-2019-1199)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2143.NASL
    descriptionAn update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es) : * openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128363
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128363
    titleCentOS 7 : openssh (CESA-2019:2143)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3776-1.NASL
    descriptionThis update for openssh fixes the following issues : Following security issues have been fixed : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or
    last seen2020-06-01
    modified2020-06-02
    plugin id119031
    published2018-11-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119031
    titleSUSE SLES12 Security Update : openssh (SUSE-SU-2018:3776-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1431.NASL
    descriptionAccording to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-12-28
    plugin id119920
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119920
    titleEulerOS 2.0 SP2 : openssh (EulerOS-SA-2018-1431)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3540-1.NASL
    descriptionThis update for openssh fixes the following issues : Security issues fixed : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or
    last seen2020-06-01
    modified2020-06-02
    plugin id118498
    published2018-10-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118498
    titleSUSE SLES11 Security Update : openssh (SUSE-SU-2018:3540-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1413.NASL
    descriptionAccording to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.(CVE-2018-15473) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119902
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119902
    titleEulerOS Virtualization 2.5.2 : openssh (EulerOS-SA-2018-1413)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4280.NASL
    descriptionDariusz Tytko, Michal Sajdak and Qualys Security discovered that OpenSSH, an implementation of the SSH protocol suite, was prone to a user enumeration vulnerability. This would allow a remote attacker to check whether a specific user account existed on the target server.
    last seen2020-06-01
    modified2020-06-02
    plugin id112066
    published2018-08-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112066
    titleDebian DSA-4280-1 : openssh - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1419.NASL
    descriptionThis update for openssh fixes the following issues : - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or
    last seen2020-06-05
    modified2018-11-19
    plugin id119024
    published2018-11-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119024
    titleopenSUSE Security Update : openssh (openSUSE-2018-1419)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-914.NASL
    descriptionThis update for openssh fixes the following issues : - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or
    last seen2020-06-01
    modified2020-06-02
    plugin id123374
    published2019-03-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123374
    titleopenSUSE Security Update : openssh (openSUSE-2019-914)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201810-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201810-03 (OpenSSH: User enumeration vulnerability) It was discovered that OpenSSH was prone to a user enumeration vulnerability. Impact : A remote attacker could conduct user enumeration. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id117968
    published2018-10-09
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117968
    titleGLSA-201810-03 : OpenSSH: User enumeration vulnerability
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0137_OPENSSH-LATEST.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by a vulnerability: - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (CVE-2018-15473) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127398
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127398
    titleNewStart CGSL MAIN 4.05 : openssh-latest Vulnerability (NS-SA-2019-0137)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/150621/openssh77-enumerate.txt
idPACKETSTORM:150621
last seen2018-12-06
published2018-12-05
reporterMatthew Daley
sourcehttps://packetstormsecurity.com/files/150621/OpenSSH-User-Enumeration.html
titleOpenSSH User Enumeration

Redhat

advisories
  • bugzilla
    id1619063
    titleCVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentopenssh-ldap is earlier than 0:5.3p1-124.el6_10
            ovaloval:com.redhat.rhsa:tst:20190711001
          • commentopenssh-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884010
        • AND
          • commentpam_ssh_agent_auth is earlier than 0:0.9.3-124.el6_10
            ovaloval:com.redhat.rhsa:tst:20190711003
          • commentpam_ssh_agent_auth is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884012
        • AND
          • commentopenssh is earlier than 0:5.3p1-124.el6_10
            ovaloval:com.redhat.rhsa:tst:20190711005
          • commentopenssh is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884004
        • AND
          • commentopenssh-askpass is earlier than 0:5.3p1-124.el6_10
            ovaloval:com.redhat.rhsa:tst:20190711007
          • commentopenssh-askpass is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884008
        • AND
          • commentopenssh-clients is earlier than 0:5.3p1-124.el6_10
            ovaloval:com.redhat.rhsa:tst:20190711009
          • commentopenssh-clients is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884002
        • AND
          • commentopenssh-server is earlier than 0:5.3p1-124.el6_10
            ovaloval:com.redhat.rhsa:tst:20190711011
          • commentopenssh-server is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884006
    rhsa
    idRHSA-2019:0711
    released2019-04-09
    severityLow
    titleRHSA-2019:0711: openssh security update (Low)
  • bugzilla
    id1722446
    titleopenssh FIPS cipher list has an extra comma in it
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentopenssh-keycat is earlier than 0:7.4p1-21.el7
            ovaloval:com.redhat.rhsa:tst:20192143001
          • commentopenssh-keycat is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150425016
        • AND
          • commentopenssh-askpass is earlier than 0:7.4p1-21.el7
            ovaloval:com.redhat.rhsa:tst:20192143003
          • commentopenssh-askpass is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884008
        • AND
          • commentopenssh-server is earlier than 0:7.4p1-21.el7
            ovaloval:com.redhat.rhsa:tst:20192143005
          • commentopenssh-server is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884006
        • AND
          • commentopenssh is earlier than 0:7.4p1-21.el7
            ovaloval:com.redhat.rhsa:tst:20192143007
          • commentopenssh is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884004
        • AND
          • commentopenssh-clients is earlier than 0:7.4p1-21.el7
            ovaloval:com.redhat.rhsa:tst:20192143009
          • commentopenssh-clients is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884002
        • AND
          • commentopenssh-cavs is earlier than 0:7.4p1-21.el7
            ovaloval:com.redhat.rhsa:tst:20192143011
          • commentopenssh-cavs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172029008
        • AND
          • commentpam_ssh_agent_auth is earlier than 0:0.10.3-2.21.el7
            ovaloval:com.redhat.rhsa:tst:20192143013
          • commentpam_ssh_agent_auth is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884012
        • AND
          • commentopenssh-ldap is earlier than 0:7.4p1-21.el7
            ovaloval:com.redhat.rhsa:tst:20192143015
          • commentopenssh-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120884010
        • AND
          • commentopenssh-server-sysvinit is earlier than 0:7.4p1-21.el7
            ovaloval:com.redhat.rhsa:tst:20192143017
          • commentopenssh-server-sysvinit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150425002
    rhsa
    idRHSA-2019:2143
    released2019-08-06
    severityLow
    titleRHSA-2019:2143: openssh security, bug fix, and enhancement update (Low)
rpms
  • openssh-0:5.3p1-124.el6_10
  • openssh-askpass-0:5.3p1-124.el6_10
  • openssh-clients-0:5.3p1-124.el6_10
  • openssh-debuginfo-0:5.3p1-124.el6_10
  • openssh-ldap-0:5.3p1-124.el6_10
  • openssh-server-0:5.3p1-124.el6_10
  • pam_ssh_agent_auth-0:0.9.3-124.el6_10
  • openssh-0:7.4p1-21.el7
  • openssh-askpass-0:7.4p1-21.el7
  • openssh-cavs-0:7.4p1-21.el7
  • openssh-clients-0:7.4p1-21.el7
  • openssh-debuginfo-0:7.4p1-21.el7
  • openssh-keycat-0:7.4p1-21.el7
  • openssh-ldap-0:7.4p1-21.el7
  • openssh-server-0:7.4p1-21.el7
  • openssh-server-sysvinit-0:7.4p1-21.el7
  • pam_ssh_agent_auth-0:0.10.3-2.21.el7

References