CVE-2015-5600

HIGH

OpenSSH < 6.9 - Denial of Service via Keyboard-Interactive Device List

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-5600. PoCs published by Abdirisaq-ali-aynab.

AI-analyzed exploit summary This repository provides a detailed vulnerability assessment for OpenSSH 6.6.1p1, including technical analysis of CVE-2015-5600 and other CVEs, remediation steps, and MITRE ATT&CK mapping. It does not contain exploit code but offers in-depth security research.

Description

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

Exploits (2)

nomisec WRITEUP
by Abdirisaq-ali-aynab · poc
https://github.com/Abdirisaq-ali-aynab/vulnerability-assessment

This repository provides a detailed vulnerability assessment for OpenSSH 6.6.1p1, including technical analysis of CVE-2015-5600 and other CVEs, remediation steps, and MITRE ATT&CK mapping. It does not contain exploit code but offers in-depth security research.

Classification
Writeup 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: OpenSSH 6.6.1p1
No auth needed
Prerequisites: Outdated OpenSSH version (6.6.1p1) · Network access to target system
devstral-2 · analyzed May 01, 2026 Full analysis →
nomisec WRITEUP
by Abdirisaq-ali-aynab · poc
https://github.com/Abdirisaq-ali-aynab/openssh-vulnerability-assessment

This repository contains a detailed vulnerability assessment writeup for OpenSSH 6.6.1p1, focusing on CVE-2015-5600 and other related CVEs. It includes technical analysis, remediation steps, and MITRE ATT&CK mappings but does not contain exploit code.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
N/a
Reliability
N/a
Target: OpenSSH 6.6.1p1
No auth needed
Prerequisites: Outdated OpenSSH version (6.6.1p1) · Network access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (33)

Core 33
Core References
Vendor Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2710-2
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201512-04
Vendor Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-0466.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/75990
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/91787
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/92012
Vendor Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2710-1
Mailing List, Third Party Advisory vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032988

Scores

CVSS v3 8.1
EPSS 0.0930
EPSS Percentile 94.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-264 CWE-400
Status published
Products (1)
openbsd/openssh < 6.9
Published Aug 03, 2015
Tracked Since Feb 18, 2026