var-201808-0455
Vulnerability from variot
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH Contains an information disclosure vulnerability.Information may be obtained. OpenSSH is prone to a user-enumeration vulnerability. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. OpenSSH through 7.7 are vulnerable; other versions may also be affected. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. This vulnerability stems from configuration errors in network systems or products during operation.
Impact
A remote attacker could conduct user enumeration.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSH users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.7_p1-r8"
References
[ 1 ] CVE-2018-15473 https://nvd.nist.gov/vuln/detail/CVE-2018-15473
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201810-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . 6) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Low: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2019:2143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2143 Issue date: 2019-08-06 CVE Names: CVE-2018-15473 ==================================================================== 1. Summary:
An update for openssh is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
- openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1583735 - Permission denied reading authorized_keys when setting AuthorizedKeysCommand 1619063 - CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests 1712053 - tmux session not attached automatically during manual installation on s390x 1722446 - openssh FIPS cipher list has an extra comma in it
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssh-7.4p1-21.el7.src.rpm
x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssh-7.4p1-21.el7.src.rpm
x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssh-7.4p1-21.el7.src.rpm
ppc64: openssh-7.4p1-21.el7.ppc64.rpm openssh-askpass-7.4p1-21.el7.ppc64.rpm openssh-clients-7.4p1-21.el7.ppc64.rpm openssh-debuginfo-7.4p1-21.el7.ppc64.rpm openssh-keycat-7.4p1-21.el7.ppc64.rpm openssh-server-7.4p1-21.el7.ppc64.rpm
ppc64le: openssh-7.4p1-21.el7.ppc64le.rpm openssh-askpass-7.4p1-21.el7.ppc64le.rpm openssh-clients-7.4p1-21.el7.ppc64le.rpm openssh-debuginfo-7.4p1-21.el7.ppc64le.rpm openssh-keycat-7.4p1-21.el7.ppc64le.rpm openssh-server-7.4p1-21.el7.ppc64le.rpm
s390x: openssh-7.4p1-21.el7.s390x.rpm openssh-askpass-7.4p1-21.el7.s390x.rpm openssh-clients-7.4p1-21.el7.s390x.rpm openssh-debuginfo-7.4p1-21.el7.s390x.rpm openssh-keycat-7.4p1-21.el7.s390x.rpm openssh-server-7.4p1-21.el7.s390x.rpm
x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssh-cavs-7.4p1-21.el7.ppc64.rpm openssh-debuginfo-7.4p1-21.el7.ppc.rpm openssh-debuginfo-7.4p1-21.el7.ppc64.rpm openssh-ldap-7.4p1-21.el7.ppc64.rpm openssh-server-sysvinit-7.4p1-21.el7.ppc64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.ppc.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.ppc64.rpm
ppc64le: openssh-cavs-7.4p1-21.el7.ppc64le.rpm openssh-debuginfo-7.4p1-21.el7.ppc64le.rpm openssh-ldap-7.4p1-21.el7.ppc64le.rpm openssh-server-sysvinit-7.4p1-21.el7.ppc64le.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.ppc64le.rpm
s390x: openssh-cavs-7.4p1-21.el7.s390x.rpm openssh-debuginfo-7.4p1-21.el7.s390.rpm openssh-debuginfo-7.4p1-21.el7.s390x.rpm openssh-ldap-7.4p1-21.el7.s390x.rpm openssh-server-sysvinit-7.4p1-21.el7.s390x.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.s390.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.s390x.rpm
x86_64: openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssh-7.4p1-21.el7.src.rpm
x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-15473 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUl2+9zjgjWX9erEAQghMQ//ao8h2SV6O/qKXHnO+WB1PYTD3rzASW8f pE++fRS0YTGtkoCmwEsYDRqg7Xw+3LIX/j8gYztFtMDoU7alLTkywBvszsBvRSCF Xi2yutUkhcygCldcwrHwNgVGa2kMni6Fm/O2ZCLkHdOHZLwMOZjBe0T4Ompc2ok5 TshNRwUWjCfzY3pwG1c9lffrfq2/DgIzi+o9MCjNCaRgFKDo9Ufgw93CSmPm/61u WVr7pV/+yXRlswG0ZnK3gOK19lYQIQfS9sQJzFelcF1pOCseZUqiKOTVMcBP0XaB uIODY4Ra/BRX9pLXN9JkBTBE8iSPO+VGKoF/m9urqpg7Z+kaH2KwdyrJeHIzY/mA e1Cidd4RsK9HwwBoRdIlw6MjstoymmF2OaYcO0Yb36abUWEF0CFIZQeAZR89ZvGG zKnc+YybH/ELu1VEF7CfBQFyP6DFt8fgFvBI5yCCjzxy0XYVrave6zLO+6a7Hg94 5UDWDIIT7h55CYlfCiZ4pBClRJSO4/XKs3lcUsvirnyagyO5it1yZpkCiavFfcah PewUzfp6mz5BXUUhJHDdFe/LgAWE7DCiMy1A78iKy0kY4Yu/tgfgMJ/KXYnyIj62 mY7o0lHcjBNHqUVDscNOtbV3EG7jsgHI1XtTIOlBeijkmPaDZnnMbM5ZXhhDzGPV fl5KApr4ST8=wPC+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
For the stable distribution (stretch), this problem has been fixed in version 1:7.4p1-10+deb9u4.
We recommend that you upgrade your openssh packages.
For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlt9ATUACgkQEL6Jg/PV nWSHYggArjTv1/72Mxj8D8qXRiixHTY3QIRki03VOLQtk7tje8BmymeRerwmECGh fjBuF4sueVrBED7vWpf9+HU9Z8VYLDKQp56xMLlqnt1Ge5HaPVHLToY4gn/lOl+J pFGwn4BKYMlo+v/rnWg1Ay0n8DZnmg8GnBqgpeFI56AUy4rw9eaRAByI80Btd69u vInT9A/sOYmywD4fH6cl7JDDZHF1AxgkW9Jar/tTVQtR/PqT7Cb2RJmxOB75/BrG /8etuiWfh6sY4cBZco+AkXL2Yb97bJQdwDZQwqMLJtA2rdjSGA3zQdnzM8htrSYH p0SeM24q209KRsvXG9KM3vKWW4vohw== =qxOC -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3809-2 August 12, 2021
openssh regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
USN-3809-1 introduced a regression in OpenSSH.
Software Description: - openssh: secure shell (SSH) for secure access to remote machines
Details:
USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: openssh-server 1:7.6p1-4ubuntu0.5
In general, a standard system update will make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0455", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssh", "scope": "lte", "trust": 1.8, "vendor": "openbsd", "version": "7.7" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "storage replication adapter", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.2" }, { "model": "service processor", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance x204rna", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.7" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data ontap edge", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "aff baseboard management controller", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "vasa provider", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "ontap select deploy", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.4" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "virtual storage console", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.2" }, { "model": "cn1610", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "sun zfs storage appliance kit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.8.6" }, { "model": "fas baseboard management controller", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openssh", "scope": "eq", "trust": 0.9, "vendor": "openbsd", "version": "4.2" }, { "model": "openssh", "scope": "eq", "trust": 0.9, "vendor": "openbsd", "version": "4.4" }, { "model": "openssh", "scope": "eq", "trust": 0.9, "vendor": "openbsd", "version": "5.1" }, { "model": "openssh", "scope": "eq", "trust": 0.9, "vendor": "openbsd", "version": "5.4" }, { "model": "openssh", "scope": "eq", "trust": 0.9, "vendor": "openbsd", "version": "5.2" }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openbsd", "version": "5.3" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openbsd", "version": "4.2p1" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openbsd", "version": "1.5.8" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.16" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0.2" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "1.2.3" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.1.x" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.3.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.6" }, { "model": "openssh 5.8p2", "scope": null, "trust": 0.3, "vendor": "openbsd", "version": null }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.9" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "data exchange layer", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.1.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7.16" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.7" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.2.x" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.5.2" }, { "model": "openssh 4.3p1", "scope": null, "trust": 0.3, "vendor": "openbsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.75" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "data exchange layer hotfix", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "4.1.21" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.126" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.1.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12.9" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.15" }, { "model": "openssh p2", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.5.2" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.8.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.5" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "7.7" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.3.1" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.11" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.2.0" }, { "model": "openssh 4.7p1", "scope": null, "trust": 0.3, "vendor": "openbsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.68" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "openssh p2", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "data exchange layer", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.4" }, { "model": "openssh 4.2p1", "scope": null, "trust": 0.3, "vendor": "openbsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.8" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "1.2" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "data exchange layer", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" } ], "sources": [ { "db": "BID", "id": "105140" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*", "cpe_name": [], "versionStartIncluding": "7.2", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "7.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:vsphere:*:*", "cpe_name": [], "versionStartIncluding": "7.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-15473" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat,The vendor reported this issue.,OpenSSL", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-536" } ], "trust": 0.6 }, "cve": "CVE-2018-15473", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-15473", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-125736", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2018-15473", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-15473", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201808-536", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-125736", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-15473", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "VULMON", "id": "CVE-2018-15473" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH Contains an information disclosure vulnerability.Information may be obtained. OpenSSH is prone to a user-enumeration vulnerability. \nAn attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. \nOpenSSH through 7.7 are vulnerable; other versions may also be affected. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. This vulnerability stems from configuration errors in network systems or products during operation. \n\nImpact\n======\n\nA remote attacker could conduct user enumeration. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSH users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/openssh-7.7_p1-r8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-15473\n https://nvd.nist.gov/vuln/detail/CVE-2018-15473\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201810-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Low: openssh security, bug fix, and enhancement update\nAdvisory ID: RHSA-2019:2143-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2143\nIssue date: 2019-08-06\nCVE Names: CVE-2018-15473\n====================================================================\n1. Summary:\n\nAn update for openssh is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux,\nUNIX, and similar operating systems. It includes the core files necessary\nfor both the OpenSSH client and server. \n\nSecurity Fix(es):\n\n* openssh: User enumeration via malformed packets in authentication\nrequests (CVE-2018-15473)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the OpenSSH server daemon (sshd) will be\nrestarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1583735 - Permission denied reading authorized_keys when setting AuthorizedKeysCommand\n1619063 - CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests\n1712053 - tmux session not attached automatically during manual installation on s390x\n1722446 - openssh FIPS cipher list has an extra comma in it\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssh-7.4p1-21.el7.src.rpm\n\nx86_64:\nopenssh-7.4p1-21.el7.x86_64.rpm\nopenssh-askpass-7.4p1-21.el7.x86_64.rpm\nopenssh-clients-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-keycat-7.4p1-21.el7.x86_64.rpm\nopenssh-server-7.4p1-21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssh-cavs-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.i686.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-ldap-7.4p1-21.el7.x86_64.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssh-7.4p1-21.el7.src.rpm\n\nx86_64:\nopenssh-7.4p1-21.el7.x86_64.rpm\nopenssh-clients-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-keycat-7.4p1-21.el7.x86_64.rpm\nopenssh-server-7.4p1-21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssh-askpass-7.4p1-21.el7.x86_64.rpm\nopenssh-cavs-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.i686.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-ldap-7.4p1-21.el7.x86_64.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssh-7.4p1-21.el7.src.rpm\n\nppc64:\nopenssh-7.4p1-21.el7.ppc64.rpm\nopenssh-askpass-7.4p1-21.el7.ppc64.rpm\nopenssh-clients-7.4p1-21.el7.ppc64.rpm\nopenssh-debuginfo-7.4p1-21.el7.ppc64.rpm\nopenssh-keycat-7.4p1-21.el7.ppc64.rpm\nopenssh-server-7.4p1-21.el7.ppc64.rpm\n\nppc64le:\nopenssh-7.4p1-21.el7.ppc64le.rpm\nopenssh-askpass-7.4p1-21.el7.ppc64le.rpm\nopenssh-clients-7.4p1-21.el7.ppc64le.rpm\nopenssh-debuginfo-7.4p1-21.el7.ppc64le.rpm\nopenssh-keycat-7.4p1-21.el7.ppc64le.rpm\nopenssh-server-7.4p1-21.el7.ppc64le.rpm\n\ns390x:\nopenssh-7.4p1-21.el7.s390x.rpm\nopenssh-askpass-7.4p1-21.el7.s390x.rpm\nopenssh-clients-7.4p1-21.el7.s390x.rpm\nopenssh-debuginfo-7.4p1-21.el7.s390x.rpm\nopenssh-keycat-7.4p1-21.el7.s390x.rpm\nopenssh-server-7.4p1-21.el7.s390x.rpm\n\nx86_64:\nopenssh-7.4p1-21.el7.x86_64.rpm\nopenssh-askpass-7.4p1-21.el7.x86_64.rpm\nopenssh-clients-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-keycat-7.4p1-21.el7.x86_64.rpm\nopenssh-server-7.4p1-21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssh-cavs-7.4p1-21.el7.ppc64.rpm\nopenssh-debuginfo-7.4p1-21.el7.ppc.rpm\nopenssh-debuginfo-7.4p1-21.el7.ppc64.rpm\nopenssh-ldap-7.4p1-21.el7.ppc64.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.ppc64.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.ppc.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.ppc64.rpm\n\nppc64le:\nopenssh-cavs-7.4p1-21.el7.ppc64le.rpm\nopenssh-debuginfo-7.4p1-21.el7.ppc64le.rpm\nopenssh-ldap-7.4p1-21.el7.ppc64le.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.ppc64le.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.ppc64le.rpm\n\ns390x:\nopenssh-cavs-7.4p1-21.el7.s390x.rpm\nopenssh-debuginfo-7.4p1-21.el7.s390.rpm\nopenssh-debuginfo-7.4p1-21.el7.s390x.rpm\nopenssh-ldap-7.4p1-21.el7.s390x.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.s390x.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.s390.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.s390x.rpm\n\nx86_64:\nopenssh-cavs-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.i686.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-ldap-7.4p1-21.el7.x86_64.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssh-7.4p1-21.el7.src.rpm\n\nx86_64:\nopenssh-7.4p1-21.el7.x86_64.rpm\nopenssh-askpass-7.4p1-21.el7.x86_64.rpm\nopenssh-clients-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-keycat-7.4p1-21.el7.x86_64.rpm\nopenssh-server-7.4p1-21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssh-cavs-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.i686.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-ldap-7.4p1-21.el7.x86_64.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-15473\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl2+9zjgjWX9erEAQghMQ//ao8h2SV6O/qKXHnO+WB1PYTD3rzASW8f\npE++fRS0YTGtkoCmwEsYDRqg7Xw+3LIX/j8gYztFtMDoU7alLTkywBvszsBvRSCF\nXi2yutUkhcygCldcwrHwNgVGa2kMni6Fm/O2ZCLkHdOHZLwMOZjBe0T4Ompc2ok5\nTshNRwUWjCfzY3pwG1c9lffrfq2/DgIzi+o9MCjNCaRgFKDo9Ufgw93CSmPm/61u\nWVr7pV/+yXRlswG0ZnK3gOK19lYQIQfS9sQJzFelcF1pOCseZUqiKOTVMcBP0XaB\nuIODY4Ra/BRX9pLXN9JkBTBE8iSPO+VGKoF/m9urqpg7Z+kaH2KwdyrJeHIzY/mA\ne1Cidd4RsK9HwwBoRdIlw6MjstoymmF2OaYcO0Yb36abUWEF0CFIZQeAZR89ZvGG\nzKnc+YybH/ELu1VEF7CfBQFyP6DFt8fgFvBI5yCCjzxy0XYVrave6zLO+6a7Hg94\n5UDWDIIT7h55CYlfCiZ4pBClRJSO4/XKs3lcUsvirnyagyO5it1yZpkCiavFfcah\nPewUzfp6mz5BXUUhJHDdFe/LgAWE7DCiMy1A78iKy0kY4Yu/tgfgMJ/KXYnyIj62\nmY7o0lHcjBNHqUVDscNOtbV3EG7jsgHI1XtTIOlBeijkmPaDZnnMbM5ZXhhDzGPV\nfl5KApr4ST8=wPC+\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:7.4p1-10+deb9u4. \n\nWe recommend that you upgrade your openssh packages. \n\nFor the detailed security status of openssh please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssh\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlt9ATUACgkQEL6Jg/PV\nnWSHYggArjTv1/72Mxj8D8qXRiixHTY3QIRki03VOLQtk7tje8BmymeRerwmECGh\nfjBuF4sueVrBED7vWpf9+HU9Z8VYLDKQp56xMLlqnt1Ge5HaPVHLToY4gn/lOl+J\npFGwn4BKYMlo+v/rnWg1Ay0n8DZnmg8GnBqgpeFI56AUy4rw9eaRAByI80Btd69u\nvInT9A/sOYmywD4fH6cl7JDDZHF1AxgkW9Jar/tTVQtR/PqT7Cb2RJmxOB75/BrG\n/8etuiWfh6sY4cBZco+AkXL2Yb97bJQdwDZQwqMLJtA2rdjSGA3zQdnzM8htrSYH\np0SeM24q209KRsvXG9KM3vKWW4vohw==\n=qxOC\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-3809-2\nAugust 12, 2021\n\nopenssh regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-3809-1 introduced a regression in OpenSSH. \n\nSoftware Description:\n- openssh: secure shell (SSH) for secure access to remote machines\n\nDetails:\n\nUSN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473\nwas incomplete and could introduce a regression in certain environments. \nThis update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. \n An attacker could possibly use this issue to cause a denial of service. \n This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n (CVE-2016-10708)\n It was discovered that OpenSSH incorrectly handled certain requests. \n An attacker could possibly use this issue to access sensitive information. \n (CVE-2018-15473)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n openssh-server 1:7.6p1-4ubuntu0.5\n\nIn general, a standard system update will make all the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "BID", "id": "105140" }, { "db": "VULHUB", "id": "VHN-125736" }, { "db": "VULMON", "id": "CVE-2018-15473" }, { "db": "PACKETSTORM", "id": "149694" }, { "db": "PACKETSTORM", "id": "152444" }, { "db": "PACKETSTORM", "id": "150190" }, { "db": "PACKETSTORM", "id": "153906" }, { "db": "PACKETSTORM", "id": "149037" }, { "db": "PACKETSTORM", "id": "163809" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45233", "trust": 0.2, "type": "exploit" }, { "reference": "https://www.scap.org.cn/vuln/vhn-125736", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "VULMON", "id": "CVE-2018-15473" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-15473", "trust": 3.5 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2018/08/15/5", "trust": 2.5 }, { "db": "SECTRACK", "id": "1041487", "trust": 2.5 }, { "db": "BID", "id": "105140", "trust": 2.0 }, { "db": "EXPLOIT-DB", "id": "45939", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "45210", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "45233", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "MCAFEE", "id": "SB10266", "trust": 0.9 }, { "db": "PACKETSTORM", "id": "152444", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-009191", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201808-536", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "163809", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1277", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3514", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0936", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1557", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1212", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3462", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0342", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2750", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081216", "trust": 0.6 }, { "db": "NSFOCUS", "id": "43154", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "149694", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "149037", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "153906", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150621", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-97503", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-125736", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-15473", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150190", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "VULMON", "id": "CVE-2018-15473" }, { "db": "BID", "id": "105140" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "PACKETSTORM", "id": "149694" }, { "db": "PACKETSTORM", "id": "152444" }, { "db": "PACKETSTORM", "id": "150190" }, { "db": "PACKETSTORM", "id": "153906" }, { "db": "PACKETSTORM", "id": "149037" }, { "db": "PACKETSTORM", "id": "163809" }, { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "id": "VAR-201808-0455", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-125736" } ], "trust": 0.49475753999999994 }, "last_update_date": "2023-12-18T11:15:45.228000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[SECURITY] [DLA-1474-1] openssh security update", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" }, { "title": "#906236", "trust": 0.8, "url": "https://bugs.debian.org/906236" }, { "title": "DSA-4280", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4280" }, { "title": "delay bailout for invalid authenticating user until after the packet", "trust": 0.8, "url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" }, { "title": "OpenSSH Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=84138" }, { "title": "Red Hat: Low: openssh security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192143 - security advisory" }, { "title": "Red Hat: Low: openssh security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190711 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=03af68f4d7fde0c3fb73e02126ff3a8e" }, { "title": "Debian Security Advisories: DSA-4280-1 openssh -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2a7b5fb5e55d81eb17c62731bbbfd77a" }, { "title": "Ubuntu Security Notice: openssh vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3809-1" }, { "title": "Debian CVElist Bug Report Logs: dropbear: CVE-2018-15599", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7c424f6ef8f9ae42d937439b82dd93b6" }, { "title": "Amazon Linux AMI: ALAS-2018-1075", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1075" }, { "title": "Red Hat: CVE-2018-15473", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-15473" }, { "title": "IBM: IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in OpenSSH (CVE-2018-15473)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=253611bf347a972572fe2b907ea5475f" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-15473" }, { "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by an openssh vulnerability (CVE-2018-15473)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7a5223ad10e1ecdb6ac4eeefcf28a096" }, { "title": "Amazon Linux 2: ALAS2-2018-1075", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2018-1075" }, { "title": "IBM: IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=10fccabd4c7b965694dd52ad1484a543" }, { "title": "Citrix Security Bulletins: Citrix Hypervisor Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=93d4930e8ac6de6dc742ba1d0a2eb835" }, { "title": "Symantec Security Advisories: OpenSSH Vulnerabilities Jan-Aug 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=eafec7859e071aa17b0b5511d3b3eb53" }, { "title": "IBM: IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=09467db835e132cd1a0a8012efa155dc" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0cf12ffad0c479958deb0741d0970b4e" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=d08e40deea44ef7cc7cf69a5cbffc984" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864" }, { "title": "SUF", "trust": 0.1, "url": "https://github.com/ghostwalkr/suf " }, { "title": "cve-2018-15473", "trust": 0.1, "url": "https://github.com/epi052/cve-2018-15473 " }, { "title": "CVE-2018-15473-Exploit", "trust": 0.1, "url": "https://github.com/rhynorater/cve-2018-15473-exploit " }, { "title": "cve-2018-15473", "trust": 0.1, "url": "https://github.com/wh1t3fox/cve-2018-15473 " }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2018-15473 " }, { "title": "CVE-2018-15473_exploit", "trust": 0.1, "url": "https://github.com/pyperanger/cve-2018-15473_exploit " }, { "title": "", "trust": 0.1, "url": "https://github.com/pixiel333/pentest-cheat-sheet " }, { "title": "tools-bbounty", "trust": 0.1, "url": "https://github.com/korbanbbt/tools-bbounty " }, { "title": "CVE-2018-15473", "trust": 0.1, "url": "https://github.com/1stpeak/cve-2018-15473 " }, { "title": "cve-2018-15473", "trust": 0.1, "url": "https://github.com/cved-sources/cve-2018-15473 " }, { "title": "CVE-2018-15473_OpenSSH_7.7", "trust": 0.1, "url": "https://github.com/wildfootw/cve-2018-15473_openssh_7.7 " }, { "title": "SUOPE", "trust": 0.1, "url": "https://github.com/angry-bender/suope " }, { "title": "patch_exploit_ssh", "trust": 0.1, "url": "https://github.com/gustavorobertux/patch_exploit_ssh " }, { "title": "CVE-2018-15473", "trust": 0.1, "url": "https://github.com/sait-nuri/cve-2018-15473 " }, { "title": "WebMap", "trust": 0.1, "url": "https://github.com/jcradarsniper/webmap " }, { "title": "shodan-CVE-2018-15473", "trust": 0.1, "url": "https://github.com/66quentin/shodan-cve-2018-15473 " }, { "title": "CVE-2018-15473", "trust": 0.1, "url": "https://github.com/robiul-awal/cve-2018-15473 " }, { "title": "", "trust": 0.1, "url": "https://github.com/0xrobiul/cve-2018-15473 " }, { "title": "CVE-2018-15473", "trust": 0.1, "url": "https://github.com/r3dxpl0it/cve-2018-15473 " }, { "title": "CVE-2018-15473-exp", "trust": 0.1, "url": "https://github.com/linyikai/cve-2018-15473-exp " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-15473" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-362", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "NVD", "id": "CVE-2018-15473" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "http://www.securityfocus.com/bid/105140" }, { "trust": 2.5, "url": "http://www.openwall.com/lists/oss-security/2018/08/15/5" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id/1041487" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:0711" }, { "trust": 2.0, "url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201810-03" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2143" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.7, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0011" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20181101-0001/" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4280" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/45210/" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/45233/" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/45939/" }, { "trust": 1.7, "url": "https://bugs.debian.org/906236" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/3809-1/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15473" }, { "trust": 1.1, "url": "https://access.redhat.com/security/cve/cve-2018-15473" }, { "trust": 0.9, "url": "https://github.com/rhynorater/cve-2018-15473-exploit" }, { "trust": 0.9, "url": "http://www.openssh.com" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619063" }, { "trust": 0.9, "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinapr2019-5461368.html" }, { "trust": 0.9, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10266" }, { "trust": 0.9, "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory12.asc" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15473" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284766" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284760" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284772" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284778" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284784" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10880795" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170328" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170340" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170334" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170322" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170352" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170346" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-addressed-in-ibm-security-privileged-identity-manager/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152444/red-hat-security-advisory-2019-0711-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities-cve-2019-4674-cve-2018-15473-cve-2019-4675/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081216" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0342/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1101975" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163809/ubuntu-security-notice-usn-3809-2.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/77578" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3462/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/43154" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3514/" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10880777" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-have-been-addressed-in-ibm-security-directory-suite-cve-2018-15473/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1557/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-affects-ibm-integrated-analytics-system/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0102/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-openssh-vulnerabilty-cve-2018-15473/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78730" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/79026" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-vulnerable-to-information-disclosure-cve-2018-15473/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2750" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870680" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10708" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.6" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3809-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.11" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/openssh" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1934501" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-3809-2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.5" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-3809-1" } ], "sources": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "BID", "id": "105140" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "PACKETSTORM", "id": "149694" }, { "db": "PACKETSTORM", "id": "152444" }, { "db": "PACKETSTORM", "id": "150190" }, { "db": "PACKETSTORM", "id": "153906" }, { "db": "PACKETSTORM", "id": "149037" }, { "db": "PACKETSTORM", "id": "163809" }, { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "VULMON", "id": "CVE-2018-15473" }, { "db": "BID", "id": "105140" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "PACKETSTORM", "id": "149694" }, { "db": "PACKETSTORM", "id": "152444" }, { "db": "PACKETSTORM", "id": "150190" }, { "db": "PACKETSTORM", "id": "153906" }, { "db": "PACKETSTORM", "id": "149037" }, { "db": "PACKETSTORM", "id": "163809" }, { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-17T00:00:00", "db": "VULHUB", "id": "VHN-125736" }, { "date": "2018-08-17T00:00:00", "db": "VULMON", "id": "CVE-2018-15473" }, { "date": "2018-08-16T00:00:00", "db": "BID", "id": "105140" }, { "date": "2018-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "date": "2018-10-07T19:19:00", "db": "PACKETSTORM", "id": "149694" }, { "date": "2019-04-09T17:52:27", "db": "PACKETSTORM", "id": "152444" }, { "date": "2018-11-06T21:04:06", "db": "PACKETSTORM", "id": "150190" }, { "date": "2019-08-06T20:56:04", "db": "PACKETSTORM", "id": "153906" }, { "date": "2018-08-22T18:18:00", "db": "PACKETSTORM", "id": "149037" }, { "date": "2021-08-12T15:49:43", "db": "PACKETSTORM", "id": "163809" }, { "date": "2018-08-17T19:29:00.223000", "db": "NVD", "id": "CVE-2018-15473" }, { "date": "2018-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-23T00:00:00", "db": "VULHUB", "id": "VHN-125736" }, { "date": "2023-02-23T00:00:00", "db": "VULMON", "id": "CVE-2018-15473" }, { "date": "2019-04-19T07:00:00", "db": "BID", "id": "105140" }, { "date": "2018-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "date": "2023-02-23T23:13:42.887000", "db": "NVD", "id": "CVE-2018-15473" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "149694" }, { "db": "PACKETSTORM", "id": "149037" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSH Vulnerable to information disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009191" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "competition condition problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-536" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.