Multiple vulnerabilities discovered in OpenSSH

by sigismund » 2016-08-03 11:19:09


By exploiting the problems, a remote attacker could cause a denial of service or elevate privileges on the system.


A number of vulnerabilities have been discovered in the OpenSSH client that allow denial of service, access to critical data, and elevation of privileges on the system. The problems affect all versions of OpenSSH prior to 7.3.

The first vulnerability exists because of an error in the function crypt(3) when processing a too long password. A remote attacker could send the server a specially formed (very long) password and consume large amounts of CPU resources.

The second vulnerability is due to errors in the implementations of cryptographic algorithms. By exploiting the problem, an attacker can carry out a CBC padding oracle attack on ssh(1) and sshd(8).

Another vulnerability exists due to errors in processing environment data. A local user could use a specially crafted environment variable to carry out attacks on the bin/login process if the PAM system is configured to read data from environment variables and sshd_config contains the option UseLogin=yes. The vulnerability applies to the portable version of OpenSSH.

Finally, the fourth problem is caused by an error in the implementation of MAC verification for the Encrypt-then-MAC (EtM) algorithms. By exploiting the vulnerability, attackers can perform a timing attack.
The fixed OpenSSH 7.3 is already available on the developer's website.
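An added example, not part of the original post: a Python check that takes an SSH banner (or `ssh -V` line) and sshd_config text and reports the two conditions the post names, a version older than 7.3 and UseLogin set to yes. The function names and sample input are constructed for illustration; distributions may backport fixes without changing the version string, and the PAM environment setting is not inspected.

```python
import re

FIXED_IN = (7, 3)  # release the post names as containing the fixes

def openssh_version(banner):
    """Extract (major, minor) from an SSH banner or `ssh -V` line; None if absent."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def uselogin_enabled(config_text):
    """True if the first UseLogin line in sshd_config text is set to yes.

    sshd uses the first value it reads for a keyword; keywords are
    case-insensitive and may be separated from the value by spaces or '='.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'(\w+)(?:\s*=\s*|\s+)"?([^\s"]+)', line)
        if m and m.group(1).lower() == "uselogin":
            return m.group(2).lower() == "yes"
    return False  # not set: sshd's default is no

def assess(banner, config_text):
    """Summarise exposure to the conditions named in the post."""
    version = openssh_version(banner)
    return {
        "version": version,
        "older_than_fixed": None if version is None else version < FIXED_IN,
        "uselogin_yes": uselogin_enabled(config_text),
    }

# Constructed sample input (not taken from a real host).
SAMPLE_BANNER = "SSH-2.0-OpenSSH_7.2p2"
SAMPLE_CONFIG = """\
# sample sshd_config
Port 22
PermitRootLogin no
UseLogin=yes
UseLogin no
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONFIG))
```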