Abdirisaq-ali-aynab

CVE-2015-5600 NOMISEC HIGH WRITEUP

OpenSSH < 6.9 - Denial of Service via Keyboard-Interactive Device List

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

CVSS 8.1

View Code

CVE-2016-0777 NOMISEC MEDIUM WRITEUP

OpenSSH <7.1p2 - Info Disclosure

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

CVSS 6.5

View Code

CVE-2016-0777 NOMISEC MEDIUM WRITEUP

OpenSSH <7.1p2 - Info Disclosure

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

CVSS 6.5

View Code

CVE-2015-5600 NOMISEC HIGH WRITEUP

OpenSSH < 6.9 - Denial of Service via Keyboard-Interactive Device List

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

CVSS 8.1

View Code