ID CVE-2010-5107
Summary The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
References
Vulnerable Configurations
  • OpenBSD OpenSSH 6.1
    cpe:2.3:a:openbsd:openssh:6.1
  • OpenBSD OpenSSH 6.0
    cpe:2.3:a:openbsd:openssh:6.0
  • OpenBSD OpenSSH 5.6
    cpe:2.3:a:openbsd:openssh:5.6
  • OpenBSD OpenSSH 5.4
    cpe:2.3:a:openbsd:openssh:5.4
  • OpenBSD OpenSSH 5.5
    cpe:2.3:a:openbsd:openssh:5.5
  • OpenBSD OpenSSH 5.2
    cpe:2.3:a:openbsd:openssh:5.2
  • OpenBSD OpenSSH 5.3
    cpe:2.3:a:openbsd:openssh:5.3
  • OpenBSD OpenSSH 5.7
    cpe:2.3:a:openbsd:openssh:5.7
  • OpenBSD OpenSSH 5.1
    cpe:2.3:a:openbsd:openssh:5.1
  • OpenBSD OpenSSH 5.8
    cpe:2.3:a:openbsd:openssh:5.8
  • OpenBSD OpenSSH 5.0
    cpe:2.3:a:openbsd:openssh:5.0
  • OpenBSD OpenSSH 5.9
    cpe:2.3:a:openbsd:openssh:5.9
  • OpenBSD OpenSSH 5.8p2
    cpe:2.3:a:openbsd:openssh:5.8p2
  • OpenBSD OpenSSH 4.6
    cpe:2.3:a:openbsd:openssh:4.6
  • OpenBSD OpenSSH 4.5
    cpe:2.3:a:openbsd:openssh:4.5
  • OpenBSD OpenSSH Portable 4.0.p1
    cpe:2.3:a:openbsd:openssh:4.0p1
  • OpenBSD OpenSSH Portable 4.2.p1
    cpe:2.3:a:openbsd:openssh:4.2p1
  • OpenBSD OpenSSH Portable 4.1.p1
    cpe:2.3:a:openbsd:openssh:4.1p1
  • OpenBSD OpenSSH Portable 4.3.p2
    cpe:2.3:a:openbsd:openssh:4.3p2
  • OpenBSD OpenSSH Portable 4.3.p1
    cpe:2.3:a:openbsd:openssh:4.3p1
  • OpenBSD OpenSSH Portable 4.4.p1
    cpe:2.3:a:openbsd:openssh:4.4p1
  • OpenBSD OpenSSH 4.0
    cpe:2.3:a:openbsd:openssh:4.0
  • OpenBSD OpenSSH 4.1
    cpe:2.3:a:openbsd:openssh:4.1
  • OpenBSD OpenSSH 4.2
    cpe:2.3:a:openbsd:openssh:4.2
  • OpenBSD OpenSSH 4.3
    cpe:2.3:a:openbsd:openssh:4.3
  • OpenBSD OpenSSH 4.4
    cpe:2.3:a:openbsd:openssh:4.4
  • OpenBSD OpenSSH 4.9
    cpe:2.3:a:openbsd:openssh:4.9
  • OpenBSD OpenSSH 4.8
    cpe:2.3:a:openbsd:openssh:4.8
  • OpenBSD OpenSSH 4.7
    cpe:2.3:a:openbsd:openssh:4.7
  • OpenBSD OpenSSH 3.7.1 p2
    cpe:2.3:a:openbsd:openssh:3.7.1p2
  • OpenBSD OpenSSH 3.8
    cpe:2.3:a:openbsd:openssh:3.8
  • OpenBSD OpenSSH 3.8.1
    cpe:2.3:a:openbsd:openssh:3.8.1
  • OpenBSD OpenSSH 3.8.1 p1
    cpe:2.3:a:openbsd:openssh:3.8.1p1
  • OpenBSD OpenSSH 3.9
    cpe:2.3:a:openbsd:openssh:3.9
  • OpenBSD OpenSSH 3.9.1
    cpe:2.3:a:openbsd:openssh:3.9.1
  • OpenBSD OpenSSH 3.9.1 p1
    cpe:2.3:a:openbsd:openssh:3.9.1p1
  • OpenBSD OpenSSH 3.0.2p1
    cpe:2.3:a:openbsd:openssh:3.0.2p1
  • OpenBSD OpenSSH 3.1
    cpe:2.3:a:openbsd:openssh:3.1
  • OpenBSD OpenSSH 3.2
    cpe:2.3:a:openbsd:openssh:3.2
  • OpenBSD OpenSSH 3.1 p1
    cpe:2.3:a:openbsd:openssh:3.1p1
  • OpenBSD OpenSSH 3.0.1
    cpe:2.3:a:openbsd:openssh:3.0.1
  • OpenBSD OpenSSH 3.0 p1
    cpe:2.3:a:openbsd:openssh:3.0p1
  • OpenBSD OpenSSH 3.0.2
    cpe:2.3:a:openbsd:openssh:3.0.2
  • OpenBSD OpenSSH 3.0.1 p1
    cpe:2.3:a:openbsd:openssh:3.0.1p1
  • OpenBSD OpenSSH 3.0
    cpe:2.3:a:openbsd:openssh:3.0
  • OpenBSD OpenSSH 3.6.1 p2
    cpe:2.3:a:openbsd:openssh:3.6.1p2
  • OpenBSD OpenSSH 3.7
    cpe:2.3:a:openbsd:openssh:3.7
  • OpenBSD OpenSSH 3.7.1
    cpe:2.3:a:openbsd:openssh:3.7.1
  • OpenBSD OpenSSH 3.7.1 p1
    cpe:2.3:a:openbsd:openssh:3.7.1p1
  • OpenBSD OpenSSH 3.5 p1
    cpe:2.3:a:openbsd:openssh:3.5p1
  • OpenBSD OpenSSH 3.6
    cpe:2.3:a:openbsd:openssh:3.6
  • OpenBSD OpenSSH 3.6.1
    cpe:2.3:a:openbsd:openssh:3.6.1
  • OpenBSD OpenSSH 3.6.1 p1
    cpe:2.3:a:openbsd:openssh:3.6.1p1
  • OpenBSD OpenSSH 3.3 p1
    cpe:2.3:a:openbsd:openssh:3.3p1
  • OpenBSD OpenSSH 3.4
    cpe:2.3:a:openbsd:openssh:3.4
  • OpenBSD OpenSSH 3.4 p1
    cpe:2.3:a:openbsd:openssh:3.4p1
  • OpenBSD OpenSSH 3.5
    cpe:2.3:a:openbsd:openssh:3.5
  • OpenBSD OpenSSH 3.2.2
    cpe:2.3:a:openbsd:openssh:3.2.2
  • OpenBSD OpenSSH 3.2.2 p1
    cpe:2.3:a:openbsd:openssh:3.2.2p1
  • OpenBSD OpenSSH 3.2.3 p1
    cpe:2.3:a:openbsd:openssh:3.2.3p1
  • OpenBSD OpenSSH 3.3
    cpe:2.3:a:openbsd:openssh:3.3
  • OpenBSD OpenSSH 2.3.1
    cpe:2.3:a:openbsd:openssh:2.3.1
  • OpenBSD OpenSSH 2.3
    cpe:2.3:a:openbsd:openssh:2.3
  • OpenBSD OpenSSH 2.5
    cpe:2.3:a:openbsd:openssh:2.5
  • OpenBSD OpenSSH 2.1.1
    cpe:2.3:a:openbsd:openssh:2.1.1
  • OpenBSD OpenSSH 2.2
    cpe:2.3:a:openbsd:openssh:2.2
  • OpenBSD OpenSSH 2.1
    cpe:2.3:a:openbsd:openssh:2.1
  • OpenBSD OpenSSH 2.9.9
    cpe:2.3:a:openbsd:openssh:2.9.9
  • OpenBSD OpenSSH 2.9 p2
    cpe:2.3:a:openbsd:openssh:2.9p2
  • OpenBSD OpenSSH 2.9.9 p2
    cpe:2.3:a:openbsd:openssh:2.9.9p2
  • OpenBSD OpenSSH 2.5.2
    cpe:2.3:a:openbsd:openssh:2.5.2
  • OpenBSD OpenSSH 2.5.1
    cpe:2.3:a:openbsd:openssh:2.5.1
  • OpenBSD OpenSSH 2.9 p1
    cpe:2.3:a:openbsd:openssh:2.9p1
  • OpenBSD OpenSSH 2.9
    cpe:2.3:a:openbsd:openssh:2.9
  • OpenBSD OpenSSH 1.5.7
    cpe:2.3:a:openbsd:openssh:1.5.7
  • OpenBSD OpenSSH 1.5.8
    cpe:2.3:a:openbsd:openssh:1.5.8
  • OpenBSD OpenSSH 1.3
    cpe:2.3:a:openbsd:openssh:1.3
  • OpenBSD OpenSSH 1.5
    cpe:2.3:a:openbsd:openssh:1.5
  • OpenBSD OpenSSH 1.2.27
    cpe:2.3:a:openbsd:openssh:1.2.27
  • OpenBSD OpenSSH 1.2.3
    cpe:2.3:a:openbsd:openssh:1.2.3
  • OpenBSD OpenSSH 1.2.1
    cpe:2.3:a:openbsd:openssh:1.2.1
  • OpenBSD OpenSSH 1.2.2
    cpe:2.3:a:openbsd:openssh:1.2.2
  • OpenBSD OpenSSH 1.2
    cpe:2.3:a:openbsd:openssh:1.2
CVSS
Base: 5.0 (as of 24-06-2016 - 12:51)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0038.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (#1245969) - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317816) - SSH2_MSG_DISCONNECT for user initiated disconnect follow RFC 4253 (#1222500) - Add missing dot in ssh manual page (#1197763) - Fix minor problems found by covscan/gcc (#1196063) - Add missing options in man ssh (#1197763) - Add KbdInteractiveAuthentication documentation to man sshd_config (#1109251) - Correct freeing newkeys structure when privileged monitor exits (#1208584) - Fix problems with failing persistent connections (#1131585) - Fix memory leaks in auditing patch (#1208584) - Better approach to logging sftp commands in chroot - Make sshd -T write all config options and add missing Cipher, MAC to man (#1109251) - Add missing ControlPersist option to man ssh (#1197763) - Add sftp option to force mode of created files (#1191055) - Do not load RSA1 keys in FIPS mode (#1197072) - Add missing support for ECDSA in ssh-keyscan (#1196331) - Fix coverity/gcc issues (#1196063) - Backport wildcard functionality for PermitOpen in sshd_config file (#1159055) - Ability to specify an arbitrary LDAP filter in ldap.conf (#1119506) - Fix ControlPersist option with ProxyCommand (#1160487) - Backport fix of ssh-keygen with error : gethostname: File name too long (#1161454) - Backport show remote address instead of UNKNOWN after timeout at password prompt (#1161449) - Fix printing of extensions in v01 certificates (#1093869) - Fix confusing audit trail for unsuccessful logins (#1127312) - Don't close fds for internal sftp sessions (#1085710) - Fix config parsing quotes (backport) (#1134938) - Enable logging in chroot into separate file (#1172224) - Fix auditing when using combination of ForcedCommand and PTY (#1131585) - Fix ssh-copy-id on non-sh remote shells (#1135521) - ignore SIGXFSZ in postauth 
monitor child (#1133906) - don't try to generate DSA keys in the init script in FIPS mode (#1118735) - ignore SIGPIPE in ssh-keyscan (#1108836) - ssh-add: fix fatal exit when removing card (#1042519) - fix race in backported ControlPersist patch (#953088) - skip requesting smartcard PIN when removing keys from agent (#1042519) - add possibility to autocreate only RSA key into initscript (#1111568) - fix several issues reported by coverity - x11 forwarding - be less restrictive when can't bind to one of available addresses (#1027197) - better fork error detection in audit patch (#1028643) - fix openssh-5.3p1-x11.patch for non-linux platforms (#1100913) - prevent a server from skipping SSHFP lookup (#1081338) (CVE-2014-2653) - ignore environment variables with embedded '=' or '\0' characters (CVE-2014-2532) - backport ControlPersist option (#953088) - log when a client requests an interactive session and only sftp is allowed (#997377) - don't try to load RSA1 host key in FIPS mode (#1009959) - restore Linux oom_adj setting when handling SIGHUP to maintain behaviour over restart (#1010429) - ssh-keygen -V - relative-specified certificate expiry time should be relative to current time (#1022459) - adjust the key exchange DH groups and ssh-keygen according to SP800-131A (#993580) - log failed integrity test if /etc/system-fips exists (#1020803) - backport ECDSA and ECDH support (#1028335) - use dracut-fips package to determine if a FIPS module is installed (#1001565) - use dist tag in suffixes for hmac checksum files (#1001565) - use hmac_suffix for ssh[,d] hmac checksums (#1001565) - fix NSS keys support (#1004763) - change default value of MaxStartups - CVE-2010-5107 - #908707 - add -fips subpackages that contains the FIPS module files (#1001565) - don't use SSH_FP_MD5 for fingerprints in FIPS mode (#998835) - do ssh_gssapi_krb5_storecreds twice - before and after pam session (#974096) - bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A 
(#993577) - fixed an issue with broken 'ssh -I pkcs11' (#908038) - abort non-subsystem sessions to forced internal sftp-server (#993509) - reverted 'store krb5 credentials after a pam session is created (#974096)' - Add support for certificate key types for users and hosts (#906872) - Apply RFC3454 stringprep to banners when possible (#955792) - fix chroot logging issue (#872169) - change the bad key permissions error message (#880575) - fix a race condition in ssh-agent (#896561) - backport support for PKCS11 from openssh-5.4p1 (#908038) - add a KexAlgorithms knob to the client and server configuration (#951704) - fix parsing logic of ldap.conf file (#954094) - Add HMAC-SHA2 algorithm support (#969565) - store krb5 credentials after a pam session is created (#974096)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 90076
    published 2016-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90076
    title OracleVM 3.3 / 3.4 : openssh (OVMSA-2016-0038)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1527.NASL
    description An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of 'Install Failed'. If this happens, place the host into maintenance mode, then activate it again to get the host back to an 'Up' state. A buffer overflow flaw was found in the way QEMU processed the SCSI 'REPORT LUNS' command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4344) Multiple flaws were found in the way Linux kernel handled HID (Human Interface Device) reports. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, CVE-2013-2889, CVE-2013-2892) A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. 
An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238) The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config(5) man page. (CVE-2010-5107) The CVE-2013-4344 issue was discovered by Asias He of Red Hat. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2012-0786 and CVE-2012-0787 (augeas issues) CVE-2013-1813 (busybox issue) CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues) CVE-2012-4453 (dracut issue) CVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues) CVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591, CVE-2013-4592, CVE-2012-6542, CVE-2013-3231, CVE-2013-1929, CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, and CVE-2013-2851 (kernel issues) CVE-2013-4242 (libgcrypt issue) CVE-2013-4419 (libguestfs issue) CVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues) This update also fixes the following bug : * A previous version of the rhev-hypervisor6 package did not contain the latest vhostmd package, which provides a 'metrics communication channel' between a host and its hosted virtual machines, allowing limited introspection of host resource usage from within virtual machines. This has been fixed, and rhev-hypervisor6 now includes the latest vhostmd package. 
(BZ#1026703) This update also contains the fixes from the following errata : * ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 78979
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78979
    title RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-2212.NASL
    description This update changes default of MaxStartups to 10:30:100 to start doing random early drop at 10 connections up to 100 connections - CVE-2010-5107 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 64604
    published 2013-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64604
    title Fedora 18 : openssh-6.1p1-5.fc18 (2013-2212)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1591.NASL
    description Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server. The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config(5) man page. (CVE-2010-5107) These updated openssh packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71007
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71007
    title RHEL 6 : openssh (RHSA-2013:1591)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0033.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - change default value of MaxStartups - CVE-2010-5107 (John Haxby)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 89817
    published 2016-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89817
    title OracleVM 2.2 : openssh (OVMSA-2016-0033)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-3521.NASL
    description Description of changes: [4.3p2-82.0.1] - change default value of MaxStartups - CVE-2010-5107 (John Haxby) [orabug 22766491]
    last seen 2019-02-21
    modified 2016-02-26
    plugin id 88981
    published 2016-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88981
    title Oracle Linux 5 : openssh (ELSA-2016-3521)
  • NASL family Denial of Service
    NASL id OPENSSH_LOGINGRACE_DOS.NASL
    description According to its banner, a version of OpenSSH earlier than version 6.2 is listening on this port. The default configuration of OpenSSH installs before 6.2 could allow a remote attacker to bypass the LoginGraceTime and MaxStartups thresholds by periodically making a large number of new TCP connections and thereby prevent legitimate users from gaining access to the service. Note that this plugin has not tried to exploit the issue or detect whether the remote service uses a vulnerable configuration. Instead, it has simply checked the version of OpenSSH running on the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 67140
    published 2013-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67140
    title OpenSSH LoginGraceTime / MaxStartups DoS
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_OPENSSH-130716.NASL
    description This update for OpenSSH provides the following fixes : - Implement remote denial of service hardening. (bnc#802639, CVE-2010-5107) - Use only FIPS 140-2 approved algorithms when FIPS mode is detected. (bnc#755505, bnc#821039) - Do not link OpenSSH binaries with LDAP libraries. (bnc#826906)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 69375
    published 2013-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69375
    title SuSE 11.2 Security Update : OpenSSH (SAT Patch Number 8078)
  • NASL family AIX Local Security Checks
    NASL id AIX_OPENSSH_ADVISORY2.NASL
    description The version of OpenSSH running on the remote host is affected by a denial of service vulnerability. The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 73558
    published 2014-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73558
    title AIX OpenSSH Advisory : openssh_advisory2.asc
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL14741.NASL
    description The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. (CVE-2010-5107)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 84450
    published 2015-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84450
    title F5 Networks BIG-IP : OpenSSH vulnerability (K14741)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131121_OPENSSH_ON_SL6_X.NASL
    description The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config(5) man page. (CVE-2010-5107)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71196
    published 2013-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71196
    title Scientific Linux Security Update : openssh on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-2206.NASL
    description This update changes default of MaxStartups to 10:30:100 to start doing random early drop at 10 connections up to 100 connections - CVE-2010-5107 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 64883
    published 2013-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64883
    title Fedora 17 : openssh-5.9p1-29.fc17 (2013-2206)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1591.NASL
    description Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server. The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config(5) man page. (CVE-2010-5107) These updated openssh packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79164
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79164
    title CentOS 6 : openssh (CESA-2013:1591)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-051.NASL
    description A vulnerability has been found and corrected in openssh : The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections (CVE-2010-5107). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66065
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66065
    title Mandriva Linux Security Advisory : openssh (MDVSA-2013:051)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201405-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201405-06 (OpenSSH: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or bypass environment restrictions. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-13
    plugin id 73958
    published 2014-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73958
    title GLSA-201405-06 : OpenSSH: Multiple vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_SSH_20130716.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. (CVE-2010-5107) - The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. (CVE-2012-0814)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80775
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80775
    title Oracle Solaris Third-Party Patch Update : ssh (cve_2010_5107_denial_of)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0030.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - change default value of MaxStartups - CVE-2010-5107 (John Haxby) - improve RNG seeding from /dev/random (#681291,#708056) - make ssh(1)'s ConnectTimeout option apply to both the TCP connection and SSH banner exchange (#750725) - use IPV6_V6ONLY for sshd inet6 listening socket (#640857) - add LANGUAGE to the sent/accepted environment (#710229) - ssh-copy-id copies now id_rsa.pub by default (#731930) - repairs man pages (#731925) - set cloexec on accept socket (#642935) - add umask to sftp (#720598) - enable lastlog for big uids (#706315) - enable selinux domain transition to passwd_t (#689406) - enable pubkey auth in the fips mode (#674747) - improve reseeding the prng from /dev/urandom or /dev/random respectively (#681291) - periodically reseed the prng from /dev/urandom or /dev/random respectively (#681291) - change cipher preferences (#661716) - change cipher preferences (#661716) - enable to run sshd as non root user (#661669) - reenable rekeying (#659242) - add nss keys to key audit patch (#632402) - key audit patch (#632402) - supply forced command documentation (#532559) - compile in the OpenSSL engine support - record lastlog with big uid (#616396) - add OpenSSL engine support (#594815) - backport forced command directive (#532559) - stderr does not more disturb sftp (#576765)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 89020
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89020
    title OracleVM 3.2 : openssh (OVMSA-2016-0030)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1591.NASL
    description From Red Hat Security Advisory 2013:1591 : Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server. The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config(5) man page. (CVE-2010-5107) These updated openssh packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71129
    published 2013-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71129
    title Oracle Linux 6 : openssh (ELSA-2013-1591)
oval via4
  • accepted 2014-01-06T04:00:23.370-05:00
    class vulnerability
    contributors
    • name Chandan M C
      organization Hewlett-Packard
    definition_extensions
    • comment IBM AIX 5.3 is installed
      oval oval:org.mitre.oval:def:5325
    • comment IBM AIX 6.1 is installed
      oval oval:org.mitre.oval:def:5267
    • comment IBM AIX 7.1 is installed
      oval oval:org.mitre.oval:def:18828
    description The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
    family unix
    id oval:org.mitre.oval:def:19515
    status accepted
    submitted 2013-11-18T10:06:56.357-05:00
    title AIX OpenSSH Vulnerability
    version 47
  • accepted 2015-04-20T04:01:33.588-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
    family unix
    id oval:org.mitre.oval:def:19595
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Running HP Secure Shell, Remote Denial of Service (DoS)
    version 45
redhat via4
advisories
bugzilla
id 974096
title Kerberos ticket forwarding does not work if /tmp is polyinstantiated
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment openssh is earlier than 0:5.3p1-94.el6
        oval oval:com.redhat.rhsa:tst:20131591005
      • comment openssh is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884006
    • AND
      • comment openssh-askpass is earlier than 0:5.3p1-94.el6
        oval oval:com.redhat.rhsa:tst:20131591007
      • comment openssh-askpass is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884008
    • AND
      • comment openssh-clients is earlier than 0:5.3p1-94.el6
        oval oval:com.redhat.rhsa:tst:20131591015
      • comment openssh-clients is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884014
    • AND
      • comment openssh-ldap is earlier than 0:5.3p1-94.el6
        oval oval:com.redhat.rhsa:tst:20131591013
      • comment openssh-ldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884012
    • AND
      • comment openssh-server is earlier than 0:5.3p1-94.el6
        oval oval:com.redhat.rhsa:tst:20131591011
      • comment openssh-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884016
    • AND
      • comment pam_ssh_agent_auth is earlier than 0:0.9.3-94.el6
        oval oval:com.redhat.rhsa:tst:20131591009
      • comment pam_ssh_agent_auth is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884010
rhsa
id RHSA-2013:1591
released 2013-11-21
severity Low
title RHSA-2013:1591: openssh security, bug fix, and enhancement update (Low)
rpms
  • openssh-0:5.3p1-94.el6
  • openssh-askpass-0:5.3p1-94.el6
  • openssh-clients-0:5.3p1-94.el6
  • openssh-ldap-0:5.3p1-94.el6
  • openssh-server-0:5.3p1-94.el6
  • pam_ssh_agent_auth-0:0.9.3-94.el6
refmap via4
bid 58162
confirm
hp HPSBMU03409
mlist [oss-security] 20130206 Re: CVE id request: openssh?
Last major update 28-11-2016 - 14:07
Published 07-03-2013 - 15:55
Last modified 18-09-2017 - 21:31