csaf_suse - suse-su-2016:2555-1

suse-su-2016:2555-1

Vulnerability from csaf_suse

Published

2016-10-17 14:52

Modified

2016-10-17 14:52

Summary

Security update for openssh-openssl1

Notes

Title of the patch

Security update for openssh-openssl1

Description of the patch

This update for openssh-openssl1 fixes the following issues: Security issues fixed: - CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363) - CVE-2016-6515: limit accepted password length (prevents possible DoS) (bsc#992533) - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: ignore PAM environment when using login (bsc#975865) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902) Bugs fixed: - avoid complaining about unset DISPLAY variable (bsc#981654) - Correctly parse GSSAPI KEX algorithms (bsc#961368) - more verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414) - fix PRNG re-seeding (bsc#960414, bsc#729190) - Allow empty Match blocks (bsc#961494)

Patchnames

secsp3-openssh-openssl1-12794

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssh-openssl1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for openssh-openssl1 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2016-6210: Prevent user enumeration through the timing of password\n  processing (bsc#989363)\n- CVE-2016-6515: limit accepted password length (prevents possible DoS)\n  (bsc#992533)\n- CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632)\n- CVE-2016-1908: prevent X11 SECURITY circumvention when forwarding X11\n  connections (bsc#962313)\n- CVE-2015-8325: ignore PAM environment when using login (bsc#975865)\n- Disable DH parameters under 2048 bits by default and allow\n  lowering the limit back to the RFC 4419 specified minimum\n  through an option (bsc#932483, bsc#948902)\n- Allow lowering the DH groups parameter limit in server as well\n  as when GSSAPI key exchange is used (bsc#948902)\n\nBugs fixed:\n- avoid complaining about unset DISPLAY variable (bsc#981654)\n- Correctly parse GSSAPI KEX algorithms (bsc#961368)\n- more verbose FIPS mode/CC related documentation in README.FIPS\n  (bsc#965576, bsc#960414)\n- fix PRNG re-seeding (bsc#960414, bsc#729190)\n- Allow empty Match blocks (bsc#961494)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "secsp3-openssh-openssl1-12794",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2555-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:2555-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162555-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:2555-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-October/002338.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 729190",
        "url": "https://bugzilla.suse.com/729190"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 932483",
        "url": "https://bugzilla.suse.com/932483"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 948902",
        "url": "https://bugzilla.suse.com/948902"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 960414",
        "url": "https://bugzilla.suse.com/960414"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 961368",
        "url": "https://bugzilla.suse.com/961368"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 961494",
        "url": "https://bugzilla.suse.com/961494"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 962313",
        "url": "https://bugzilla.suse.com/962313"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 965576",
        "url": "https://bugzilla.suse.com/965576"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970632",
        "url": "https://bugzilla.suse.com/970632"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 975865",
        "url": "https://bugzilla.suse.com/975865"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 981654",
        "url": "https://bugzilla.suse.com/981654"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 989363",
        "url": "https://bugzilla.suse.com/989363"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 992533",
        "url": "https://bugzilla.suse.com/992533"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8325 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8325/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-1908 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-1908/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3115 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3115/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-6210 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-6210/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-6515 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-6515/"
      }
    ],
    "title": "Security update for openssh-openssl1",
    "tracking": {
      "current_release_date": "2016-10-17T14:52:50Z",
      "generator": {
        "date": "2016-10-17T14:52:50Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:2555-1",
      "initial_release_date": "2016-10-17T14:52:50Z",
      "revision_history": [
        {
          "date": "2016-10-17T14:52:50Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-openssl1-6.6p1-15.1.i586",
                "product": {
                  "name": "openssh-openssl1-6.6p1-15.1.i586",
                  "product_id": "openssh-openssl1-6.6p1-15.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-openssl1-helpers-6.6p1-15.1.i586",
                "product": {
                  "name": "openssh-openssl1-helpers-6.6p1-15.1.i586",
                  "product_id": "openssh-openssl1-helpers-6.6p1-15.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-openssl1-6.6p1-15.1.ia64",
                "product": {
                  "name": "openssh-openssl1-6.6p1-15.1.ia64",
                  "product_id": "openssh-openssl1-6.6p1-15.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-openssl1-helpers-6.6p1-15.1.ia64",
                "product": {
                  "name": "openssh-openssl1-helpers-6.6p1-15.1.ia64",
                  "product_id": "openssh-openssl1-helpers-6.6p1-15.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-openssl1-6.6p1-15.1.ppc64",
                "product": {
                  "name": "openssh-openssl1-6.6p1-15.1.ppc64",
                  "product_id": "openssh-openssl1-6.6p1-15.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-openssl1-helpers-6.6p1-15.1.ppc64",
                "product": {
                  "name": "openssh-openssl1-helpers-6.6p1-15.1.ppc64",
                  "product_id": "openssh-openssl1-helpers-6.6p1-15.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-openssl1-6.6p1-15.1.s390x",
                "product": {
                  "name": "openssh-openssl1-6.6p1-15.1.s390x",
                  "product_id": "openssh-openssl1-6.6p1-15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-openssl1-helpers-6.6p1-15.1.s390x",
                "product": {
                  "name": "openssh-openssl1-helpers-6.6p1-15.1.s390x",
                  "product_id": "openssh-openssl1-helpers-6.6p1-15.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-openssl1-6.6p1-15.1.x86_64",
                "product": {
                  "name": "openssh-openssl1-6.6p1-15.1.x86_64",
                  "product_id": "openssh-openssl1-6.6p1-15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-openssl1-helpers-6.6p1-15.1.x86_64",
                "product": {
                  "name": "openssh-openssl1-helpers-6.6p1-15.1.x86_64",
                  "product_id": "openssh-openssl1-helpers-6.6p1-15.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11-SECURITY",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11-SECURITY",
                  "product_id": "SUSE Linux Enterprise Server 11-SECURITY",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:11:security"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-6.6p1-15.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586"
        },
        "product_reference": "openssh-openssl1-6.6p1-15.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-6.6p1-15.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64"
        },
        "product_reference": "openssh-openssl1-6.6p1-15.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-6.6p1-15.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64"
        },
        "product_reference": "openssh-openssl1-6.6p1-15.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-6.6p1-15.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x"
        },
        "product_reference": "openssh-openssl1-6.6p1-15.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-6.6p1-15.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64"
        },
        "product_reference": "openssh-openssl1-6.6p1-15.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-helpers-6.6p1-15.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586"
        },
        "product_reference": "openssh-openssl1-helpers-6.6p1-15.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-helpers-6.6p1-15.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64"
        },
        "product_reference": "openssh-openssl1-helpers-6.6p1-15.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-helpers-6.6p1-15.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64"
        },
        "product_reference": "openssh-openssl1-helpers-6.6p1-15.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-helpers-6.6p1-15.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x"
        },
        "product_reference": "openssh-openssl1-helpers-6.6p1-15.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-openssl1-helpers-6.6p1-15.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
          "product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        },
        "product_reference": "openssh-openssl1-helpers-6.6p1-15.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8325",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8325"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8325",
          "url": "https://www.suse.com/security/cve/CVE-2015-8325"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138392 for CVE-2015-8325",
          "url": "https://bugzilla.suse.com/1138392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 975865 for CVE-2015-8325",
          "url": "https://bugzilla.suse.com/975865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 996040 for CVE-2015-8325",
          "url": "https://bugzilla.suse.com/996040"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T14:52:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8325"
    },
    {
      "cve": "CVE-2016-1908",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-1908"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-1908",
          "url": "https://www.suse.com/security/cve/CVE-2016-1908"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1001712 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/1001712"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005738 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/1005738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1010950 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/1010950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138392 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/1138392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962313 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/962313"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 996040 for CVE-2016-1908",
          "url": "https://bugzilla.suse.com/996040"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T14:52:50Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-1908"
    },
    {
      "cve": "CVE-2016-3115",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3115"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3115",
          "url": "https://www.suse.com/security/cve/CVE-2016-3115"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005738 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/1005738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1010950 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/1010950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1059233 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/1059233"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138392 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/1138392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 970632 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/970632"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 992296 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/992296"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 992991 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/992991"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 996040 for CVE-2016-3115",
          "url": "https://bugzilla.suse.com/996040"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T14:52:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-3115"
    },
    {
      "cve": "CVE-2016-6210",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-6210"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-6210",
          "url": "https://www.suse.com/security/cve/CVE-2016-6210"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1001712 for CVE-2016-6210",
          "url": "https://bugzilla.suse.com/1001712"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1010950 for CVE-2016-6210",
          "url": "https://bugzilla.suse.com/1010950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105010 for CVE-2016-6210",
          "url": "https://bugzilla.suse.com/1105010"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138392 for CVE-2016-6210",
          "url": "https://bugzilla.suse.com/1138392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 989363 for CVE-2016-6210",
          "url": "https://bugzilla.suse.com/989363"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T14:52:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-6210"
    },
    {
      "cve": "CVE-2016-6515",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-6515"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
          "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-6515",
          "url": "https://www.suse.com/security/cve/CVE-2016-6515"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1010950 for CVE-2016-6515",
          "url": "https://bugzilla.suse.com/1010950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2016-6515",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 992533 for CVE-2016-6515",
          "url": "https://bugzilla.suse.com/992533"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-15.1.x86_64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.i586",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ia64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.ppc64",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.s390x",
            "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T14:52:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-6515"
    }
  ]
}

CVE-2016-3115 (GCVE-0-2016-3115)

Vulnerability from cvelistv5

Published

2016-03-22 10:00

Modified

2024-08-05 23:47

Severity ?

CWE

Summary

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

References

URL

Tags

	http://www.openssh.com/txt/x11fwd.adv	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115	x_refsource_MISC
	http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html	x_refsource_MISC
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc	vendor-advisory, x_refsource_FREEBSD
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/39569/	exploit, x_refsource_EXPLOIT-DB
	http://rhn.redhat.com/errata/RHSA-2016-0466.html	vendor-advisory, x_refsource_REDHAT
	http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1035249	vdb-entry, x_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html	vendor-advisory, x_refsource_FEDORA
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	x_refsource_CONFIRM
	http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html	vendor-advisory, x_refsource_FEDORA
	https://bto.bluecoat.com/security-advisory/sa121	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201612-18	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/84314	vdb-entry, x_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html	mailing-list, x_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html	vendor-advisory, x_refsource_FEDORA
	http://seclists.org/fulldisclosure/2016/Mar/47	mailing-list, x_refsource_FULLDISC
	http://rhn.redhat.com/errata/RHSA-2016-0465.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html	vendor-advisory, x_refsource_FEDORA
	http://seclists.org/fulldisclosure/2016/Mar/46	mailing-list, x_refsource_FULLDISC
	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssh.com/txt/x11fwd.adv"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
          },
          {
            "name": "FreeBSD-SA-16:14",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "39569",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39569/"
          },
          {
            "name": "RHSA-2016:0466",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
          },
          {
            "name": "1035249",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035249"
          },
          {
            "name": "FEDORA-2016-fc1cc33e05",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h"
          },
          {
            "name": "FEDORA-2016-d339d610c1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa121"
          },
          {
            "name": "GLSA-201612-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-18"
          },
          {
            "name": "84314",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84314"
          },
          {
            "name": "FEDORA-2016-0bcab055a7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
          },
          {
            "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
          },
          {
            "name": "FEDORA-2016-08e5803496",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
          },
          {
            "name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Mar/47"
          },
          {
            "name": "RHSA-2016:0465",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
          },
          {
            "name": "FEDORA-2016-188267b485",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
          },
          {
            "name": "20160314 CVE-2016-3115 - OpenSSH \u003c=7.2p1 xauth injection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Mar/46"
          },
          {
            "name": "FEDORA-2016-bb59db3c86",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-11T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssh.com/txt/x11fwd.adv"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
        },
        {
          "name": "FreeBSD-SA-16:14",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "39569",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39569/"
        },
        {
          "name": "RHSA-2016:0466",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
        },
        {
          "name": "1035249",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035249"
        },
        {
          "name": "FEDORA-2016-fc1cc33e05",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h"
        },
        {
          "name": "FEDORA-2016-d339d610c1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa121"
        },
        {
          "name": "GLSA-201612-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-18"
        },
        {
          "name": "84314",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84314"
        },
        {
          "name": "FEDORA-2016-0bcab055a7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
        },
        {
          "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
        },
        {
          "name": "FEDORA-2016-08e5803496",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
        },
        {
          "name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Mar/47"
        },
        {
          "name": "RHSA-2016:0465",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
        },
        {
          "name": "FEDORA-2016-188267b485",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
        },
        {
          "name": "20160314 CVE-2016-3115 - OpenSSH \u003c=7.2p1 xauth injection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Mar/46"
        },
        {
          "name": "FEDORA-2016-bb59db3c86",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3115",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openssh.com/txt/x11fwd.adv",
              "refsource": "CONFIRM",
              "url": "http://www.openssh.com/txt/x11fwd.adv"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115",
              "refsource": "MISC",
              "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
            },
            {
              "name": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"
            },
            {
              "name": "FreeBSD-SA-16:14",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "39569",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39569/"
            },
            {
              "name": "RHSA-2016:0466",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"
            },
            {
              "name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c",
              "refsource": "CONFIRM",
              "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"
            },
            {
              "name": "1035249",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035249"
            },
            {
              "name": "FEDORA-2016-fc1cc33e05",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h",
              "refsource": "CONFIRM",
              "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281\u0026r2=1.282\u0026f=h"
            },
            {
              "name": "FEDORA-2016-d339d610c1",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa121",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa121"
            },
            {
              "name": "GLSA-201612-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201612-18"
            },
            {
              "name": "84314",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84314"
            },
            {
              "name": "FEDORA-2016-0bcab055a7",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"
            },
            {
              "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
            },
            {
              "name": "FEDORA-2016-08e5803496",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"
            },
            {
              "name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Mar/47"
            },
            {
              "name": "RHSA-2016:0465",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
            },
            {
              "name": "FEDORA-2016-188267b485",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"
            },
            {
              "name": "20160314 CVE-2016-3115 - OpenSSH \u003c=7.2p1 xauth injection",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Mar/46"
            },
            {
              "name": "FEDORA-2016-bb59db3c86",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3115",
    "datePublished": "2016-03-22T10:00:00",
    "dateReserved": "2016-03-10T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8325 (GCVE-0-2015-8325)

Vulnerability from cvelistv5

Published

2016-05-01 00:00

Modified

2024-08-06 08:13

Severity ?

CWE

Summary

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

References

URL

Tags

	http://www.securityfocus.com/bid/86187	vdb-entry
	http://www.debian.org/security/2016/dsa-3550	vendor-advisory
	https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html
	https://bugzilla.redhat.com/show_bug.cgi?id=1328012
	http://rhn.redhat.com/errata/RHSA-2017-0641.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2588.html	vendor-advisory
	http://www.securitytracker.com/id/1036487	vdb-entry
	https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
	https://security-tracker.debian.org/tracker/CVE-2015-8325
	https://security.gentoo.org/glsa/201612-18	vendor-advisory
	https://security.netapp.com/advisory/ntap-20180628-0001/
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:32.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "86187",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86187"
          },
          {
            "name": "DSA-3550",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3550"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012"
          },
          {
            "name": "RHSA-2017:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html"
          },
          {
            "name": "RHSA-2016:2588",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html"
          },
          {
            "name": "1036487",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2015-8325"
          },
          {
            "name": "GLSA-201612-18",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180628-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "86187",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/86187"
        },
        {
          "name": "DSA-3550",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3550"
        },
        {
          "url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328012"
        },
        {
          "name": "RHSA-2017:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0641.html"
        },
        {
          "name": "RHSA-2016:2588",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2588.html"
        },
        {
          "name": "1036487",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036487"
        },
        {
          "url": "https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2015-8325"
        },
        {
          "name": "GLSA-201612-18",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-18"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20180628-0001/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8325",
    "datePublished": "2016-05-01T00:00:00",
    "dateReserved": "2015-11-24T00:00:00",
    "dateUpdated": "2024-08-06T08:13:32.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6515 (GCVE-0-2016-6515)

Vulnerability from cvelistv5

Published

2016-08-07 00:00

Modified

2024-08-06 01:29

Severity ?

CWE

Summary

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

References

URL

Tags

	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us
	https://security.netapp.com/advisory/ntap-20171130-0003/
	https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97
	http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html
	https://www.exploit-db.com/exploits/40888/	exploit
	http://www.securityfocus.com/bid/92212	vdb-entry
	https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.securitytracker.com/id/1036487	vdb-entry
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:2029	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html	mailing-list
	http://openwall.com/lists/oss-security/2016/08/01/2	mailing-list
	https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03779en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171130-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"
          },
          {
            "name": "40888",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40888/"
          },
          {
            "name": "92212",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92212"
          },
          {
            "name": "FreeBSD-SA-17:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "1036487",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036487"
          },
          {
            "name": "FEDORA-2016-4a3debc3a6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"
          },
          {
            "name": "RHSA-2017:2029",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2029"
          },
          {
            "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
          },
          {
            "name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2016/08/01/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03779en_us"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20171130-0003/"
        },
        {
          "url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"
        },
        {
          "url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"
        },
        {
          "name": "40888",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/40888/"
        },
        {
          "name": "92212",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92212"
        },
        {
          "name": "FreeBSD-SA-17:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "1036487",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036487"
        },
        {
          "name": "FEDORA-2016-4a3debc3a6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"
        },
        {
          "name": "RHSA-2017:2029",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2029"
        },
        {
          "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
        },
        {
          "name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released",
          "tags": [
            "mailing-list"
          ],
          "url": "http://openwall.com/lists/oss-security/2016/08/01/2"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6515",
    "datePublished": "2016-08-07T00:00:00",
    "dateReserved": "2016-08-01T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1908 (GCVE-0-2016-1908)

Vulnerability from cvelistv5

Published

2017-04-11 00:00

Modified

2024-08-05 23:10

Severity ?

CWE

Summary

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

References

URL

Tags

	http://www.openssh.com/txt/release-7.2
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
	http://openwall.com/lists/oss-security/2016/01/15/13	mailing-list
	http://www.securitytracker.com/id/1034705	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-0741.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-18	vendor-advisory
	https://bugzilla.redhat.com/show_bug.cgi?id=1298741
	https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html	mailing-list
	http://www.securityfocus.com/bid/84427	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-0465.html	vendor-advisory
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:10:40.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openssh.com/txt/release-7.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c"
          },
          {
            "name": "[oss-security] 20160115 Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2016/01/15/13"
          },
          {
            "name": "1034705",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034705"
          },
          {
            "name": "RHSA-2016:0741",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
          },
          {
            "name": "GLSA-201612-18",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298741"
          },
          {
            "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
          },
          {
            "name": "84427",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84427"
          },
          {
            "name": "RHSA-2016:0465",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.openssh.com/txt/release-7.2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c"
        },
        {
          "name": "[oss-security] 20160115 Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
          "tags": [
            "mailing-list"
          ],
          "url": "http://openwall.com/lists/oss-security/2016/01/15/13"
        },
        {
          "name": "1034705",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034705"
        },
        {
          "name": "RHSA-2016:0741",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0741.html"
        },
        {
          "name": "GLSA-201612-18",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-18"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298741"
        },
        {
          "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
        },
        {
          "name": "84427",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/84427"
        },
        {
          "name": "RHSA-2016:0465",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-1908",
    "datePublished": "2017-04-11T00:00:00",
    "dateReserved": "2016-01-15T00:00:00",
    "dateUpdated": "2024-08-05T23:10:40.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6210 (GCVE-0-2016-6210)

Vulnerability from cvelistv5

Published

2017-02-13 00:00

Modified

2024-08-06 01:22

Severity ?

CWE

Summary

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:2563	vendor-advisory
	http://www.securitytracker.com/id/1036319	vdb-entry
	http://seclists.org/fulldisclosure/2016/Jul/51	mailing-list
	http://www.debian.org/security/2016/dsa-3626	vendor-advisory
	https://www.exploit-db.com/exploits/40136/	exploit
	https://www.exploit-db.com/exploits/40113/	exploit
	https://www.openssh.com/txt/release-7.3
	https://security.gentoo.org/glsa/201612-18	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:2029	vendor-advisory
	http://www.securityfocus.com/bid/91812	vdb-entry
	https://security.netapp.com/advisory/ntap-20190206-0001/
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:2563",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2563"
          },
          {
            "name": "1036319",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036319"
          },
          {
            "name": "20160714 opensshd - user enumeration",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Jul/51"
          },
          {
            "name": "DSA-3626",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3626"
          },
          {
            "name": "40136",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40136/"
          },
          {
            "name": "40113",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40113/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssh.com/txt/release-7.3"
          },
          {
            "name": "GLSA-201612-18",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-18"
          },
          {
            "name": "RHSA-2017:2029",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2029"
          },
          {
            "name": "91812",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91812"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190206-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2017:2563",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2563"
        },
        {
          "name": "1036319",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036319"
        },
        {
          "name": "20160714 opensshd - user enumeration",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Jul/51"
        },
        {
          "name": "DSA-3626",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3626"
        },
        {
          "name": "40136",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/40136/"
        },
        {
          "name": "40113",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/40113/"
        },
        {
          "url": "https://www.openssh.com/txt/release-7.3"
        },
        {
          "name": "GLSA-201612-18",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-18"
        },
        {
          "name": "RHSA-2017:2029",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2029"
        },
        {
          "name": "91812",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91812"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190206-0001/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6210",
    "datePublished": "2017-02-13T00:00:00",
    "dateReserved": "2016-07-13T00:00:00",
    "dateUpdated": "2024-08-06T01:22:20.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2016:2555-1

Vulnerability from csaf_suse

CVE-2016-3115 (GCVE-0-2016-3115)

Vulnerability from cvelistv5

CVE-2015-8325 (GCVE-0-2015-8325)

Vulnerability from cvelistv5

CVE-2016-6515 (GCVE-0-2016-6515)

Vulnerability from cvelistv5

CVE-2016-1908 (GCVE-0-2016-1908)

Vulnerability from cvelistv5

CVE-2016-6210 (GCVE-0-2016-6210)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature