ID CVE-2016-10708
Summary sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
References
Vulnerable Configurations
  • OpenBSD OpenSSH
    cpe:2.3:a:openbsd:openssh
  • OpenBSD OpenSSH 1.2
    cpe:2.3:a:openbsd:openssh:1.2
  • OpenBSD OpenSSH 1.2.1
    cpe:2.3:a:openbsd:openssh:1.2.1
  • OpenBSD OpenSSH 1.2.2
    cpe:2.3:a:openbsd:openssh:1.2.2
  • OpenBSD OpenSSH 1.2.3
    cpe:2.3:a:openbsd:openssh:1.2.3
  • OpenBSD OpenSSH 1.2.27
    cpe:2.3:a:openbsd:openssh:1.2.27
  • OpenBSD OpenSSH 1.3
    cpe:2.3:a:openbsd:openssh:1.3
  • OpenBSD OpenSSH 1.5
    cpe:2.3:a:openbsd:openssh:1.5
  • OpenBSD OpenSSH 1.5.7
    cpe:2.3:a:openbsd:openssh:1.5.7
  • OpenBSD OpenSSH 1.5.8
    cpe:2.3:a:openbsd:openssh:1.5.8
  • OpenBSD OpenSSH 2
    cpe:2.3:a:openbsd:openssh:2
  • OpenBSD OpenSSH 2.1
    cpe:2.3:a:openbsd:openssh:2.1
  • OpenBSD OpenSSH 2.1.1
    cpe:2.3:a:openbsd:openssh:2.1.1
  • OpenBSD OpenSSH 2.2
    cpe:2.3:a:openbsd:openssh:2.2
  • OpenBSD OpenSSH 2.3
    cpe:2.3:a:openbsd:openssh:2.3
  • OpenBSD OpenSSH 2.3.1
    cpe:2.3:a:openbsd:openssh:2.3.1
  • OpenBSD OpenSSH 2.5
    cpe:2.3:a:openbsd:openssh:2.5
  • OpenBSD OpenSSH 2.5.1
    cpe:2.3:a:openbsd:openssh:2.5.1
  • OpenBSD OpenSSH 2.5.2
    cpe:2.3:a:openbsd:openssh:2.5.2
  • OpenBSD OpenSSH 2.9
    cpe:2.3:a:openbsd:openssh:2.9
  • OpenBSD OpenSSH 2.9.9
    cpe:2.3:a:openbsd:openssh:2.9.9
  • OpenBSD OpenSSH 2.9.9 p2
    cpe:2.3:a:openbsd:openssh:2.9.9p2
  • OpenBSD OpenSSH 2.9 p1
    cpe:2.3:a:openbsd:openssh:2.9p1
  • OpenBSD OpenSSH 2.9 p2
    cpe:2.3:a:openbsd:openssh:2.9p2
  • OpenBSD OpenSSH 3.0
    cpe:2.3:a:openbsd:openssh:3.0
  • OpenBSD OpenSSH 3.0.1
    cpe:2.3:a:openbsd:openssh:3.0.1
  • OpenBSD OpenSSH 3.0.1 p1
    cpe:2.3:a:openbsd:openssh:3.0.1p1
  • OpenBSD OpenSSH 3.0.2
    cpe:2.3:a:openbsd:openssh:3.0.2
  • OpenBSD OpenSSH 3.0.2p1
    cpe:2.3:a:openbsd:openssh:3.0.2p1
  • OpenBSD OpenSSH 3.0 p1
    cpe:2.3:a:openbsd:openssh:3.0p1
  • OpenBSD OpenSSH 3.1
    cpe:2.3:a:openbsd:openssh:3.1
  • OpenBSD OpenSSH 3.1 p1
    cpe:2.3:a:openbsd:openssh:3.1p1
  • OpenBSD OpenSSH 3.2
    cpe:2.3:a:openbsd:openssh:3.2
  • OpenBSD OpenSSH 3.2.2
    cpe:2.3:a:openbsd:openssh:3.2.2
  • OpenBSD OpenSSH 3.2.2 p1
    cpe:2.3:a:openbsd:openssh:3.2.2p1
  • OpenBSD OpenSSH 3.2.3 p1
    cpe:2.3:a:openbsd:openssh:3.2.3p1
  • OpenBSD OpenSSH 3.3
    cpe:2.3:a:openbsd:openssh:3.3
  • OpenBSD OpenSSH 3.3 p1
    cpe:2.3:a:openbsd:openssh:3.3p1
  • OpenBSD OpenSSH 3.4
    cpe:2.3:a:openbsd:openssh:3.4
  • OpenBSD OpenSSH 3.4 p1
    cpe:2.3:a:openbsd:openssh:3.4p1
  • OpenBSD OpenSSH 3.5
    cpe:2.3:a:openbsd:openssh:3.5
  • OpenBSD OpenSSH 3.5 p1
    cpe:2.3:a:openbsd:openssh:3.5p1
  • OpenBSD OpenSSH 3.6
    cpe:2.3:a:openbsd:openssh:3.6
  • OpenBSD OpenSSH 3.6.1
    cpe:2.3:a:openbsd:openssh:3.6.1
  • OpenBSD OpenSSH 3.6.1 p1
    cpe:2.3:a:openbsd:openssh:3.6.1p1
  • OpenBSD OpenSSH 3.6.1 p2
    cpe:2.3:a:openbsd:openssh:3.6.1p2
  • OpenBSD OpenSSH 3.7
    cpe:2.3:a:openbsd:openssh:3.7
  • OpenBSD OpenSSH 3.7.1
    cpe:2.3:a:openbsd:openssh:3.7.1
  • OpenBSD OpenSSH 3.7.1 p1
    cpe:2.3:a:openbsd:openssh:3.7.1p1
  • OpenBSD OpenSSH 3.7.1 p2
    cpe:2.3:a:openbsd:openssh:3.7.1p2
  • OpenBSD OpenSSH 3.8
    cpe:2.3:a:openbsd:openssh:3.8
  • OpenBSD OpenSSH 3.8.1
    cpe:2.3:a:openbsd:openssh:3.8.1
  • OpenBSD OpenSSH 3.8.1 p1
    cpe:2.3:a:openbsd:openssh:3.8.1p1
  • OpenBSD OpenSSH 3.9
    cpe:2.3:a:openbsd:openssh:3.9
  • OpenBSD OpenSSH 3.9.1
    cpe:2.3:a:openbsd:openssh:3.9.1
  • OpenBSD OpenSSH 3.9.1 p1
    cpe:2.3:a:openbsd:openssh:3.9.1p1
  • OpenBSD OpenSSH 4.0
    cpe:2.3:a:openbsd:openssh:4.0
  • OpenBSD OpenSSH Portable 4.0.p1
    cpe:2.3:a:openbsd:openssh:4.0p1
  • OpenBSD OpenSSH 4.1
    cpe:2.3:a:openbsd:openssh:4.1
  • OpenBSD OpenSSH Portable 4.1.p1
    cpe:2.3:a:openbsd:openssh:4.1p1
  • OpenBSD OpenSSH 4.2
    cpe:2.3:a:openbsd:openssh:4.2
  • OpenBSD OpenSSH Portable 4.2.p1
    cpe:2.3:a:openbsd:openssh:4.2p1
  • OpenBSD OpenSSH 4.3
    cpe:2.3:a:openbsd:openssh:4.3
  • OpenBSD OpenSSH Portable 4.3.p1
    cpe:2.3:a:openbsd:openssh:4.3p1
  • OpenBSD OpenSSH Portable 4.3.p2
    cpe:2.3:a:openbsd:openssh:4.3p2
  • OpenBSD OpenSSH 4.4
    cpe:2.3:a:openbsd:openssh:4.4
  • OpenBSD OpenSSH Portable 4.4.p1
    cpe:2.3:a:openbsd:openssh:4.4p1
  • OpenBSD OpenSSH 4.5
    cpe:2.3:a:openbsd:openssh:4.5
  • OpenBSD OpenSSH 4.6
    cpe:2.3:a:openbsd:openssh:4.6
  • OpenBSD OpenSSH 4.7
    cpe:2.3:a:openbsd:openssh:4.7
  • OpenBSD OpenSSH 4.7p1
    cpe:2.3:a:openbsd:openssh:4.7p1
  • OpenBSD OpenSSH 4.8
    cpe:2.3:a:openbsd:openssh:4.8
  • OpenBSD OpenSSH 4.9
    cpe:2.3:a:openbsd:openssh:4.9
  • OpenBSD OpenSSH 5.0
    cpe:2.3:a:openbsd:openssh:5.0
  • OpenBSD OpenSSH 5.0 Patch 1
    cpe:2.3:a:openbsd:openssh:5.0:p1
  • OpenBSD OpenSSH 5.1
    cpe:2.3:a:openbsd:openssh:5.1
  • OpenBSD OpenSSH 5.1 Patch 1
    cpe:2.3:a:openbsd:openssh:5.1:p1
  • OpenBSD OpenSSH 5.2
    cpe:2.3:a:openbsd:openssh:5.2
  • OpenBSD OpenSSH 5.2 Patch 1
    cpe:2.3:a:openbsd:openssh:5.2:p1
  • OpenBSD OpenSSH 5.3
    cpe:2.3:a:openbsd:openssh:5.3
  • OpenBSD OpenSSH 5.3 Patch 1
    cpe:2.3:a:openbsd:openssh:5.3:p1
  • OpenBSD OpenSSH 5.4
    cpe:2.3:a:openbsd:openssh:5.4
  • OpenBSD OpenSSH 5.4 Patch 1
    cpe:2.3:a:openbsd:openssh:5.4:p1
  • OpenBSD OpenSSH 5.5
    cpe:2.3:a:openbsd:openssh:5.5
  • OpenBSD OpenSSH 5.5 Patch 1
    cpe:2.3:a:openbsd:openssh:5.5:p1
  • OpenBSD OpenSSH 5.6
    cpe:2.3:a:openbsd:openssh:5.6
  • OpenBSD OpenSSH 5.6 Patch 1
    cpe:2.3:a:openbsd:openssh:5.6:p1
  • OpenBSD OpenSSH 5.7
    cpe:2.3:a:openbsd:openssh:5.7
  • OpenBSD OpenSSH 5.7 Patch 1
    cpe:2.3:a:openbsd:openssh:5.7:p1
  • OpenBSD OpenSSH 5.8
    cpe:2.3:a:openbsd:openssh:5.8
  • OpenBSD OpenSSH 5.8 Patch 1
    cpe:2.3:a:openbsd:openssh:5.8:p1
  • OpenBSD OpenSSH 5.8p2
    cpe:2.3:a:openbsd:openssh:5.8p2
  • OpenBSD OpenSSH 5.9
    cpe:2.3:a:openbsd:openssh:5.9
  • OpenBSD OpenSSH 5.9 Patch 1
    cpe:2.3:a:openbsd:openssh:5.9:p1
  • OpenBSD OpenSSH 6.0
    cpe:2.3:a:openbsd:openssh:6.0
  • OpenBSD OpenSSH 6.0 Patch 1
    cpe:2.3:a:openbsd:openssh:6.0:p1
  • OpenBSD OpenSSH 6.1
    cpe:2.3:a:openbsd:openssh:6.1
  • OpenBSD OpenSSH 6.1 Patch 1
    cpe:2.3:a:openbsd:openssh:6.1:p1
  • OpenBSD OpenSSH 6.2
    cpe:2.3:a:openbsd:openssh:6.2
  • OpenBSD OpenSSH 6.2 Patch 1
    cpe:2.3:a:openbsd:openssh:6.2:p1
  • OpenBSD OpenSSH 6.2 Patch 2
    cpe:2.3:a:openbsd:openssh:6.2:p2
  • OpenBSD OpenSSH 6.3
    cpe:2.3:a:openbsd:openssh:6.3
  • OpenBSD OpenSSH 6.3 Patch 1
    cpe:2.3:a:openbsd:openssh:6.3:p1
  • OpenBSD OpenSSH 6.4
    cpe:2.3:a:openbsd:openssh:6.4
  • OpenBSD OpenSSH 6.4 Patch 1
    cpe:2.3:a:openbsd:openssh:6.4:p1
  • OpenBSD OpenSSH 6.5
    cpe:2.3:a:openbsd:openssh:6.5
  • OpenBSD OpenSSH 6.5 Patch 1
    cpe:2.3:a:openbsd:openssh:6.5:p1
  • OpenBSD OpenSSH 6.6
    cpe:2.3:a:openbsd:openssh:6.6
  • OpenBSD OpenSSH 6.6 Patch 1
    cpe:2.3:a:openbsd:openssh:6.6:p1
  • OpenBSD OpenSSH 6.7
    cpe:2.3:a:openbsd:openssh:6.7
  • OpenBSD OpenSSH 6.7 Patch 1
    cpe:2.3:a:openbsd:openssh:6.7:p1
  • OpenBSD OpenSSH 6.8
    cpe:2.3:a:openbsd:openssh:6.8
  • OpenBSD OpenSSH 6.8 Patch 1
    cpe:2.3:a:openbsd:openssh:6.8:p1
  • OpenBSD OpenSSH 6.9
    cpe:2.3:a:openbsd:openssh:6.9
  • OpenBSD OpenSSH 6.9 Patch 1
    cpe:2.3:a:openbsd:openssh:6.9:p1
  • OpenBSD OpenSSH 7.0
    cpe:2.3:a:openbsd:openssh:7.0
  • OpenBSD OpenSSH 7.0 Patch 1
    cpe:2.3:a:openbsd:openssh:7.0:p1
  • OpenBSD OpenSSH 7.1
    cpe:2.3:a:openbsd:openssh:7.1
  • OpenBSD OpenSSH 7.1 Patch 1
    cpe:2.3:a:openbsd:openssh:7.1:p1
  • OpenBSD OpenSSH 7.1 P2
    cpe:2.3:a:openbsd:openssh:7.1:p2
  • OpenBSD OpenSSH 7.2 Patch 2
    cpe:2.3:a:openbsd:openssh:7.2:p2
  • OpenBSD OpenSSH 7.3
    cpe:2.3:a:openbsd:openssh:7.3
  • OpenBSD OpenSSH 7.3 p1
    cpe:2.3:a:openbsd:openssh:7.3:p1
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2029.NASL
    description An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh (7.4p1). (BZ#1341754) Security Fix(es) : * A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) * It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515) * It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009) * It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011) * It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. 
    An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. (CVE-2016-10012) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102751
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102751
    title CentOS 7 : openssh (CESA-2017:2029)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2685-1.NASL
    description This update for openssh provides the following fixes : Security issues fixed : CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000). CVE-2016-10012: Remove pre-auth compression support from the server to prevent possible cryptographic attacks (bsc#1016370). CVE-2008-1483: Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509). CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Bug fixes: bsc#1017099: Enable case-insensitive hostname matching. bsc#1023275: Add a new switch for printing diagnostic messages in sftp client's batch mode. bsc#1048367: systemd integration to work around various race conditions. bsc#1053972: Remove duplicate KEX method. bsc#1092582: Add missing piece of systemd integration. Remove the limit on the amount of tasks sshd can run. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 117452
    published 2018-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117452
    title SUSE SLES12 Security Update : openssh (SUSE-SU-2018:2685-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2029.NASL
    description From Red Hat Security Advisory 2017:2029 : An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh (7.4p1). (BZ#1341754) Security Fix(es) : * A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) * It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515) * It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009) * It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011) * It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. 
    An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. (CVE-2016-10012) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 102296
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102296
    title Oracle Linux 7 : openssh (ELSA-2017-2029)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2029.NASL
    description An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh (7.4p1). (BZ#1341754) Security Fix(es) : * A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) * It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515) * It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009) * It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011) * It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. 
    An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. (CVE-2016-10012) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 102112
    published 2017-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102112
    title RHEL 7 : openssh (RHSA-2017:2029)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3809-1.NASL
    description Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 118795
    published 2018-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118795
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : openssh vulnerabilities (USN-3809-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1069.NASL
    description According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.(CVE-2016-10708) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 108473
    published 2018-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108473
    title EulerOS 2.0 SP2 : openssh (EulerOS-SA-2018-1069)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2530-2.NASL
    description This update for openssh fixes the following issues : Security issue fixed : CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118285
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118285
    title SUSE SLES12 Security Update : openssh (SUSE-SU-2018:2530-2)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1257.NASL
    description OpenSSH was found to be vulnerable to out of order NEWKEYS messages which could crash the daemon, resulting in a denial of service attack. For Debian 7 'Wheezy', these problems have been fixed in version 1:6.0p1-4+deb7u7. We recommend that you upgrade your openssh packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 106407
    published 2018-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106407
    title Debian DLA-1257-1 : openssh security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1068.NASL
    description According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.(CVE-2016-10708) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 108472
    published 2018-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108472
    title EulerOS 2.0 SP1 : openssh (EulerOS-SA-2018-1068)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2530-1.NASL
    description This update for openssh fixes the following issues: Security issue fixed : - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112148
    published 2018-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112148
    title SUSE SLES12 Security Update : openssh (SUSE-SU-2018:2530-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-765.NASL
    description This update for openssh fixes the following issues : Security issue fixed : - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 111417
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111417
    title openSUSE Security Update : openssh (openSUSE-2018-765)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1254.NASL
    description According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.(CVE-2016-10708) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117563
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117563
    title EulerOS Virtualization 2.5.0 : openssh (EulerOS-SA-2018-1254)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2275-1.NASL
    description This update for openssh fixes the following issues: Security issues fixed : - CVE-2016-10012: Fix pre-auth compression checks that could be optimized away (bsc#1016370). - CVE-2016-10708: Fix remote denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message (bsc#1076957). - CVE-2017-15906: Fix r/o sftp-server zero byte file creation (bsc#1065000). - CVE-2008-1483: Fix accidental re-introduction of CVE-2008-1483 (bsc#1069509). Bug fixes : - bsc#1017099: Match conditions with uppercase hostnames fail (bsc#1017099) - bsc#1053972: supportedKeyExchanges diffie-hellman-group1-sha1 is duplicated (bsc#1053972) - bsc#1023275: Messages suppressed after upgrade from SLES 11 SP3 to SP4 (bsc#1023275) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 111639
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111639
    title SUSE SLES11 Security Update : openssh (SUSE-SU-2018:2275-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3540-1.NASL
    description This update for openssh fixes the following issues : Security issues fixed : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163) CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726) CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957) CVE-2018-15473: OpenSSH was prone to a user existence oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) CVE-2016-10012: Removed pre-auth compression support from the server to prevent possible cryptographic attacks. (bsc#1016370) Bugs fixed: Fixed failing 'AuthorizedKeysCommand' within a 'Match User' block in sshd_config (bsc#1105180) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118498
    published 2018-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118498
    title SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3540-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1989-1.NASL
    description This update for openssh fixes the following issues: Security issue fixed : - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111200
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111200
    title SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2018:1989-1)
redhat via4
advisories
bugzilla
id 1450361
title pam_ssh_agent_auth i686 and x86_64 can't be installed side by side
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment openssh is earlier than 0:7.4p1-11.el7
        oval oval:com.redhat.rhsa:tst:20172029005
      • comment openssh is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884006
    • AND
      • comment openssh-askpass is earlier than 0:7.4p1-11.el7
        oval oval:com.redhat.rhsa:tst:20172029021
      • comment openssh-askpass is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884008
    • AND
      • comment openssh-cavs is earlier than 0:7.4p1-11.el7
        oval oval:com.redhat.rhsa:tst:20172029007
      • comment openssh-cavs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20172029008
    • AND
      • comment openssh-clients is earlier than 0:7.4p1-11.el7
        oval oval:com.redhat.rhsa:tst:20172029011
      • comment openssh-clients is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884014
    • AND
      • comment openssh-keycat is earlier than 0:7.4p1-11.el7
        oval oval:com.redhat.rhsa:tst:20172029013
      • comment openssh-keycat is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150425012
    • AND
      • comment openssh-ldap is earlier than 0:7.4p1-11.el7
        oval oval:com.redhat.rhsa:tst:20172029009
      • comment openssh-ldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884012
    • AND
      • comment openssh-server is earlier than 0:7.4p1-11.el7
        oval oval:com.redhat.rhsa:tst:20172029015
      • comment openssh-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884016
    • AND
      • comment openssh-server-sysvinit is earlier than 0:7.4p1-11.el7
        oval oval:com.redhat.rhsa:tst:20172029019
      • comment openssh-server-sysvinit is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150425016
    • AND
      • comment pam_ssh_agent_auth is earlier than 0:0.10.3-1.11.el7
        oval oval:com.redhat.rhsa:tst:20172029017
      • comment pam_ssh_agent_auth is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120884010
rhsa
id RHSA-2017:2029
released 2017-08-01
severity Moderate
title RHSA-2017:2029: openssh security, bug fix, and enhancement update (Moderate)
rpms
  • openssh-0:7.4p1-11.el7
  • openssh-askpass-0:7.4p1-11.el7
  • openssh-cavs-0:7.4p1-11.el7
  • openssh-clients-0:7.4p1-11.el7
  • openssh-keycat-0:7.4p1-11.el7
  • openssh-ldap-0:7.4p1-11.el7
  • openssh-server-0:7.4p1-11.el7
  • openssh-server-sysvinit-0:7.4p1-11.el7
  • pam_ssh_agent_auth-0:0.10.3-1.11.el7
refmap via4
bid 102780
confirm https://security.netapp.com/advisory/ntap-20180423-0003/
misc
mlist
  • [debian-lts-announce] 20180126 [SECURITY] [DLA 1257-1] openssh security update
  • [debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update
ubuntu USN-3809-1
Last major update 21-01-2018 - 17:29
Published 21-01-2018 - 17:29
Last modified 07-11-2018 - 06:29