Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 735
Alerts This Week
Warning Icon 1 735

Debian Jessie: DLA-1500-1 Critical OpenSSH Access Control Flaws

debian lts
Calendar Grey September 10, 2018
Dist Debian Esm H88
Multiple vulnerabilities detected in OpenSSH for Debian Jessie, necessitating urgent package upgrades to safeguard systems.
Several vulnerabilities have been found in OpenSSH, a free implementation of the SSH protocol suite:

Summary

CVE-2015-5352

OpenSSH incorrectly verified time window deadlines for X connections.
Remote attackers could take advantage of this flaw to bypass intended
access restrictions. Reported by Jann Horn.

CVE-2015-5600

OpenSSH improperly restricted the processing of keyboard-interactive
devices within a single connection, which could allow remote attackers to perform brute-force attacks or cause a denial of service, in a
non-default configuration.

CVE-2015-6563

OpenSSH incorrectly handled usernames during PAM authentication. In
conjunction with an additional flaw in the OpenSSH unprivileged child
process, remote attackers could make use if this issue to perform user
impersonation. Discovered by Moritz Jodeit.

CVE-2015-6564

Moritz Jodeit discovered a use-after-free flaw in PAM support in
OpenSSH, that could be used by remote attackers to bypass
authentication or possibly execute arbitrary code.

CVE-2016-1908

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: openssh
Version: 1:6.7p1-5+deb8u6
CVE ID: CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564
Debian Bug: 790798 793616 795711 848716 848717

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.