Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2016-6515

Published: 07/08/2016 Updated: 07/11/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 786
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Openssh

Vulnerability Summary

The auth_password function in auth-passwd.c in sshd in OpenSSH prior to 7.3 does not limit password lengths for password authentication, which allows remote malicious users to cause a denial of service (crypt CPU consumption) via a long string.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openssh

fedoraproject fedora 24

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2016-6515: CPU consumption via auth_password
Debian Bug report logs - #833823 CVE-2016-6515: CPU consumption via auth_password Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Tue, 9 Aug 2016 05:15:01 UTC Severity: important Tags: fixed-upstream, se ...
Ubuntu Security Notice: openssh vulnerabilities
Several security issues were fixed in OpenSSH ...
Amazon Linux AMI: ALAS-2017-898
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses (CVE-2016-6210) It was found that OpenSSH did not limit password lengths for password authentication A remo ...

ICS Advisories

Siemens SCALANCE X-200RNA Switch Devices

Exploits

Exploit DB: OpenSSH 7.2 - Denial of Service
################################################################################ # Title : OpenSSH before 73 Crypt CPU Consumption (DoS Vulnerability) # Author : Kashinath T (tkashinath@secpodcom) (wwwsecpodcom) # Vendor : wwwopensshcom/ # Software : wwwopensshcom/ # Version : OpenSSH before 73 # Tested on : Ubuntu 1604 LTS ...
Exploit DB: OpenSSH 7.2 Denial Of Service
OpenSSH versions 72 and below crypt CPU consumption denial of service exploit ...

Github Repositories

https://github.com/opsxcq/exploit-CVE-2016-6515

OpenSSH remote DOS exploit and vulnerable container

OpenSSH remote DOS Before 73 OpenSSH does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string This bug resides in auth-passwdc in auth_password function Attackers can exploit this issue to cause the application to enter an infinite loop and consume excessive CPU resourc

https://github.com/jptr218/openssh_dos

A proof of concept for CVE-2016-6515

Since OpenSSH servers don't restrict the login password length, you can cause these servers to crash by sending very long passwords which use massive amounts of a the server's CPU to hash This vulnerability is known as CVE-2016-6515 My POC can be downloaded here (you will need to unzip) Usage: openssh_dos [target IP] [target port]

https://github.com/cved-sources/cve-2016-6515

cve-2016-6515

CVE-2016-6515 This is part of Cved: a tool to manage vulnerable docker containers Cved: githubcom/git-rep-src/cved Image source: githubcom/cved-sources/cve-2016-6515 Image author: githubcom/opsxcq/exploit-CVE-2016-6515

References

CWE-20https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97http://openwall.com/lists/oss-security/2016/08/01/2http://www.securityfocus.com/bid/92212https://www.exploit-db.com/exploits/40888/http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.htmlhttp://www.securitytracker.com/id/1036487http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.aschttps://security.netapp.com/advisory/ntap-20171130-0003/https://access.redhat.com/errata/RHSA-2017:2029https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_ushttps://lists.debian.org/debian-lts-announce/2018/09/msg00010.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833823https://usn.ubuntu.com/3061-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/40888/https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook