CVE-2015-5600

Published: 03/08/2015 Updated: 13/12/2022
CVSS v2 Base Score: 8.5 | Impact Score: 7.8 | Exploitability Score: 10
VMScore: 758
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C

Vulnerability Summary

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH up to and including 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote malicious users to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
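
The missing restriction described above, as an added illustration (not OpenSSH's code and not from this advisory): a simplified model of honouring a client-supplied device list with and without per-connection duplicate tracking. The device table, the `count_rounds` helper and the sample list are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical server-side device table (stand-in for the real one). */
static const char *const SERVER_DEVICES[] = { "pam", "bsdauth" };
#define N_DEVICES (sizeof(SERVER_DEVICES) / sizeof(SERVER_DEVICES[0]))

/*
 * Count how many challenge rounds one client-supplied, comma-separated
 * device list triggers. With dedup != 0, each known device is honoured at
 * most once per list (tracked in a bitmask); otherwise every repeat counts.
 */
static unsigned count_rounds(const char *client_list, int dedup)
{
    unsigned rounds = 0, done = 0;          /* done: bitmask of used devices */
    const char *p = client_list;

    while (*p != '\0') {
        size_t len = strcspn(p, ",");       /* length of this list element */
        for (size_t i = 0; i < N_DEVICES; i++) {
            if (strlen(SERVER_DEVICES[i]) != len ||
                strncmp(p, SERVER_DEVICES[i], len) != 0)
                continue;                   /* not this device */
            if (dedup && (done & (1u << i)))
                break;                      /* already tried: skip repeat */
            done |= 1u << i;
            rounds++;
            break;
        }
        p += len;
        if (*p == ',')
            p++;                            /* step over the separator */
    }
    return rounds;
}

int main(void)
{
    /* Constructed input: duplicated device names, as in the summary. */
    const char *list = "pam,pam,pam,pam,bsdauth,pam,unknown";
    printf("no dedup: %u rounds\n", count_rounds(list, 0));
    printf("dedup:    %u rounds\n", count_rounds(list, 1));
    return 0;
}
```

Without the bitmask the number of rounds grows with the length of the list, which is why a per-connection attempt limit such as MaxAuthTries no longer bounds the number of guesses.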

Vulnerable Product

openbsd openssh

Vendor Advisories

Synopsis: Moderate: openssh security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this u ...
USN-2710-1 introduced a regression in OpenSSH ...
Several security issues were fixed in OpenSSH ...
Debian Bug report logs - #790798 openssh: CVE-2015-5352: XSECURITY restrictions bypass under certain conditions in ssh Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: jmm@debian.org Date: Wed, 1 Jul 2015 19:33:02 UTC Severity: important Tags: fixed ...
Debian Bug report logs - #793616 openssh: CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 25 Jul 2015 15:30:01 ...
Debian Bug report logs - #795711 openssh: CVE-2015-6563 CVE-2015-6564 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sun, 16 Aug 2015 12:04:21 UTC Severity: important Tags: security Found in version ...
A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. It was discovered that the OpenSSH sshd daemon did not ch ...
It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks ...

References

CWE-264
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h
http://openwall.com/lists/oss-security/2015/07/23/4
http://seclists.org/fulldisclosure/2015/Jul/92
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
https://support.apple.com/kb/HT205031
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992
http://www.securityfocus.com/bid/91787
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75990
http://www.securityfocus.com/bid/92012
http://rhn.redhat.com/errata/RHSA-2016-0466.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10157
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
https://security.gentoo.org/glsa/201512-04
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697
https://kc.mcafee.com/corporate/index?page=content&id=SB10136
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
http://www.ubuntu.com/usn/USN-2710-2
http://www.ubuntu.com/usn/USN-2710-1
http://www.securitytracker.com/id/1032988
https://security.netapp.com/advisory/ntap-20151106-0001/
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://access.redhat.com/errata/RHSA-2015:2088
https://nvd.nist.gov
https://usn.ubuntu.com/2710-2/
https://access.redhat.com/security/cve/cve-2015-5600
https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21