CVE-2015-5600
published 2015-08-03CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices…
PriorityP351high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
9.30%
94.7th percentile
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.5_and_security_update_2015-006 | — | — |
| debian | openssh | < openssh 1:6.9p1-1 (bookworm) | openssh 1:6.9p1-1 (bookworm) |
| openbsd | openssh | <= 6.9 | — |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.9p1-1 | 1:6.9p1-1 |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.3 | 1:6.6p1-2ubuntu2.3 |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.2 | 1:6.6p1-2ubuntu2.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →The attack exploits the kbdint_next_device function in auth2-chall.c by supplying a long, duplicative list of keyboard-interactive devices to bypass MaxAuthTries; detect SSH connections presenting an abnormally long or repeated KbdInteractiveDevices list. ↗
- →Monitor for unusually high numbers of authentication attempts within a single SSH connection that exceed the configured MaxAuthTries value, which is the primary indicator of this bypass being exploited. ↗
- →Alert on sshd CPU spikes correlated with keyboard-interactive authentication sessions, as the vulnerability can also be used for denial of service via CPU consumption. ↗
- →Flag OpenSSH versions through 6.9 running with PAM-based password authentication (UsePAM yes / ChallengeResponseAuthentication yes) as vulnerable targets. ↗
- ·The vulnerability only affects non-default configurations where keyboard-interactive (PAM) authentication is enabled; default Red Hat Enterprise Linux 4, 5, 6, and 7 configurations are not affected. ↗
- ·Setting 'ChallengeResponseAuthentication no' in sshd_config mitigates the issue but disables keyboard-interactive authentication entirely. ↗
- ·Setting 'UsePAM no' in sshd_config also mitigates CVE-2015-5600 but at the cost of losing PAM framework features. ↗
- ·The upstream fix for CVE-2015-5600 introduced a regression causing random authentication failures in non-default configurations; a follow-on update (USN-2710-2) was required. ↗
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.08.5HIGHAV:N/AC:L/Au:N/C:P/I:N/A:C
osv8.5HIGH
vendor_debian8.5HIGH
vendor_redhat8.5HIGH
vendor_cisco7.8HIGH
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Oracle Communications 12.x Policy Management access control (Nessus ID 85033 / ID 350077)
vuldb·2026-05-28·CVSS 8.1
CVE-2015-5600 [HIGH] Oracle Communications 12.x Policy Management access control (Nessus ID 85033 / ID 350077)
A vulnerability was found in Oracle Communications 12.x. It has been declared as critical. Affected is an unknown function of the component Policy Management. Executing a manipulation can lead to improper access controls.
This vulnerability is tracked as CVE-2015-5600. The attack can be launched remotely. No exploit exists.
It is recommended to upgrade the affected component.
VulDB
Oracle ILOM 3.0/3.1/3.2 access control (Nessus ID 87351 / ID 350077)
vuldb·2026-05-28·CVSS 8.1
CVE-2015-5600 [HIGH] Oracle ILOM 3.0/3.1/3.2 access control (Nessus ID 87351 / ID 350077)
A vulnerability was found in Oracle ILOM 3.0/3.1/3.2. It has been rated as very critical. This issue affects some unknown processing. The manipulation leads to improper access controls.
This vulnerability is listed as CVE-2015-5600. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.
VulDB
OpenSSH up to 6.9 auth2-chall.c kbdint_next_device access control (HT20503 / Nessus ID 85278)
vuldb·2026-05-28·CVSS 8.1
CVE-2015-5600 [HIGH] OpenSSH up to 6.9 auth2-chall.c kbdint_next_device access control (HT20503 / Nessus ID 85278)
A vulnerability identified as problematic has been detected in OpenSSH up to 6.9. Affected by this issue is the function kbdint_next_device of the file auth2-chall.c. Performing a manipulation results in improper access controls.
This vulnerability is cataloged as CVE-2015-5600. It is possible to initiate the attack remotely. There is no exploit available.
You should upgrade the affected component.
GHSA
GHSA-6x25-gfx2-5crp: The kbdint_next_device function in auth2-chall
ghsa_unreviewed·2022-05-13
CVE-2015-5600 [HIGH] GHSA-6x25-gfx2-5crp: The kbdint_next_device function in auth2-chall
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
OSV
openssh regression
osv·2015-08-18·CVSS 4.3
CVE-2015-5600 [MEDIUM] openssh regression
openssh regression
USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for
CVE-2015-5600 caused a regression resulting in random authentication
failures in non-default configurations. This update fixes the problem.
Original advisory details:
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when
using PAM authentication. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)
Moritz Jodeit discovered that OpenSSH incorrectly handled context memory
when using PAM authentication. If an additional vulnerability were
discovered in the OpenSSH unprivileged child process, this issue could
allow a remote attacker to bypass authentication or
OSV
openssh vulnerabilities
osv·2015-08-14·CVSS 4.3
[MEDIUM] openssh vulnerabilities
openssh vulnerabilities
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when
using PAM authentication. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)
Moritz Jodeit discovered that OpenSSH incorrectly handled context memory
when using PAM authentication. If an additional vulnerability were
discovered in the OpenSSH unprivileged child process, this issue could
allow a remote attacker to bypass authentication or possibly execute
arbitrary code. (CVE number pending)
Jann Horn discovered that OpenSSH incorrectly handled time windows for
X connections. A remote attacker could use this issue to bypass certain
access restrictions. (CVE-2015-
OSV
CVE-2015-5600: The kbdint_next_device function in auth2-chall
osv·2015-08-03·CVSS 8.5
CVE-2015-5600 [HIGH] CVE-2015-5600: The kbdint_next_device function in auth2-chall
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
Siemens SCALANCE X-200RNA Switch Devices
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SCALANCE X-200RNA Switch Devices
Last RevisedDecember 19, 2022
Alert CodeICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Cisco
Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
vendor_cisco·2016-03-03·CVSS 7.8
CVE-2015-6260 [HIGH] CWE-20 Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly.
The vulnerability is due to improper validation of SNMP Protocol Data Units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device, which could cause the SNMP application on the device to restart. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to
Ubuntu
OpenSSH regression
vendor_ubuntu·2015-08-18·CVSS 4.3
CVE-2015-5600 [MEDIUM] OpenSSH regression
Title: OpenSSH regression
Summary: USN-2710-1 introduced a regression in OpenSSH.
USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for
CVE-2015-5600 caused a regression resulting in random authentication
failures in non-default configurations. This update fixes the problem.
Original advisory details:
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when
using PAM authentication. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)
Moritz Jodeit discovered that OpenSSH incorrectly handled context memory
when using PAM authentication. If an additional vulnerability were
discovered in the OpenSSH unprivileged child process, this
Ubuntu
OpenSSH vulnerabilities
vendor_ubuntu·2015-08-14·CVSS 4.3
CVE-2015-5352 [MEDIUM] OpenSSH vulnerabilities
Title: OpenSSH vulnerabilities
Summary: Several security issues were fixed in OpenSSH.
Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when
using PAM authentication. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)
Moritz Jodeit discovered that OpenSSH incorrectly handled context memory
when using PAM authentication. If an additional vulnerability were
discovered in the OpenSSH unprivileged child process, this issue could
allow a remote attacker to bypass authentication or possibly execute
arbitrary code. (CVE number pending)
Jann Horn discovered that OpenSSH incorrectly handled time windows for
X connections. A remote attacker could
BSD
FreeBSD-SA-15:16.openssh: OpenSSH multiple vulnerabilities
bsd_advisories·2015-07-28·CVSS 5.8
CVE-2014-2653 [MEDIUM] FreeBSD-SA-15:16.openssh: OpenSSH multiple vulnerabilities
FreeBSD-SA-15:16.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH multiple vulnerabilities
Category: contrib
Module: openssh
Announced: 2015-07-28, revised on 2015-07-30
Affects: All supported versions of FreeBSD.
Corrected: 2015-07-28 19:58:44 UTC (stable/10, 10.2-PRERELEASE)
2015-07-28 19:58:44 UTC (stable/10, 10.2-BETA2-p2)
2015-07-28 19:59:04 UTC (releng/10.2, 10.2-RC1-p1)
2015-07-28 19:59:11 UTC (releng/10.1, 10.1-RELEASE-p16)
2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE)
2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21)
2015-07-30 10:09:07 UTC (stable/8, 8.4-STABLE)
2015-07-30 10:09:31 UTC (releng/8.4, 8.4-RELEASE-p36)
CVE Name: CVE-2014-2653, CVE-2015-5600
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, s
Red Hat
openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
vendor_redhat·2015-07-16·CVSS 8.5
CVE-2015-5600 [HIGH] CWE-304 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform passw
Debian
CVE-2015-5600: openssh - The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 ...
vendor_debian·2015·CVSS 8.5
CVE-2015-5600 [HIGH] CVE-2015-5600: openssh - The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 ...
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
Scope: local
bookworm: resolved (fixed in 1:6.9p1-1)
bullseye: resolved (fixed in 1:6.9p1-1)
forky: resolved (fixed in 1:6.9p1-1)
sid: resolved (fixed in 1:6.9p1-1)
trixie: resolved (fixed in 1:6.9p1-1)
Apple
CVE-2015-5600: OS X Yosemite v10.10.5 and Security Update 2015-006
vendor_apple·CVSS 8.5
CVE-2015-5600 [HIGH] CVE-2015-5600: OS X Yosemite v10.10.5 and Security Update 2015-006
Apple Security Update: About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006
Product: OS X Yosemite v10.10.5 and Security Update 2015-006
CVE: CVE-2015-5600
Component: CVE-2015-5600
Cisco
Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
vendor_cisco
CVE-2015-6260 Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
CVE-2015-6260: Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP Protocol Data Units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device, which could cause the SNMP application on the device to restart. A successful exploit could allow the attacker to cause the SNMP application to restart multiple time
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
bugzilla·2015-07-23·CVSS 8.5
CVE-2015-5600 [HIGH] CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
It was found that OpenSSH would allow an attacker to request a large number of keyboard-interactive devices when entering a password, which could allow a remote attacker to bypass the MaxAuthTries limit defined in the sshd_config file.
This flaw only affects OpenSSH configurations that have the 'KbdInteractiveAuthentication' configuration option set to 'yes'. By default, this option has the same value as the 'ChallengeResponseAuthentication' option.
By default, all versions of Red Hat Enterprise Linux have the 'ChallengeResponseAuthentication' option set to 'no', meaning default OpenSSH configurations are not affected by this flaw.
Upstream patch:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.b
Bugzilla
CVE-2015-5600 openssh: authentication limits (MaxAuthTries) bypass [fedora-all]
bugzilla·2015-07-23·CVSS 8.5
CVE-2015-5600 [HIGH] CVE-2015-5600 openssh: authentication limits (MaxAuthTries) bypass [fedora-all]
CVE-2015-5600 openssh: authentication limits (MaxAuthTries) bypass [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions o
arXiv
An n-sided polygonal model to calculate the impact of cyber security events
arxiv_fulltext·2017-11-16
An n-sided polygonal model to calculate the impact of cyber security events
An n-sided polygonal model to calculate the impact of cyber security events
Polygonal Model
Gustavo Gonzalez-Granadillo Joaquin Garcia-Alfaro Herv\'e Debar
Institut Mines-T\'el\'ecom, T\'el\'ecom
SudParis, CNRS UMR 5157 SAMOVAR
9 rue Charles Fourier, 91011 Evry, France
\name.last_name\@telecom-sudparis.eu
RORI
RORI
## Abstract
This paper presents a model to represent graphically the impact of cyber events (e.g., attacks, countermeasures) in a polygonal systems of n-sides. The approach considers information about all entities composing an information system (e.g., users, IP addresses, communication protocols, physical and logical resources, etc.). Every axis is composed of entities that contribute to the execution of the security event. Each entity has an associated weighting factor
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.chttp://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=hhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.htmlhttp://openwall.com/lists/oss-security/2015/07/23/4http://rhn.redhat.com/errata/RHSA-2016-0466.htmlhttp://seclists.org/fulldisclosure/2015/Jul/92http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.securityfocus.com/bid/75990http://www.securityfocus.com/bid/91787http://www.securityfocus.com/bid/92012http://www.securitytracker.com/id/1032988http://www.ubuntu.com/usn/USN-2710-1http://www.ubuntu.com/usn/USN-2710-2https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667https://kc.mcafee.com/corporate/index?page=content&id=SB10136https://kc.mcafee.com/corporate/index?page=content&id=SB10157https://lists.debian.org/debian-lts-announce/2018/09/msg00010.htmlhttps://security.gentoo.org/glsa/201512-04https://security.netapp.com/advisory/ntap-20151106-0001/https://support.apple.com/kb/HT205031https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.chttp://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=hhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.htmlhttp://openwall.com/lists/oss-security/2015/07/23/4http://rhn.redhat.com/errata/RHSA-2016-0466.htmlhttp://seclists.org/fulldisclosure/2015/Jul/92http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.securityfocus.com/bid/75990http://www.securityfocus.com/bid/91787http://www.securityfocus.com/bid/92012http://www.securitytracker.com/id/1032988http://www.ubuntu.com/usn/USN-2710-1http://www.ubuntu.com/usn/USN-2710-2https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667https://kc.mcafee.com/corporate/index?page=content&id=SB10136https://kc.mcafee.com/corporate/index?page=content&id=SB10157https://lists.debian.org/debian-lts-announce/2018/09/msg00010.htmlhttps://security.gentoo.org/glsa/201512-04https://security.netapp.com/advisory/ntap-20151106-0001/https://support.apple.com/kb/HT205031https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12
2015-08-03
Published