CVE-2016-6515
Published 2016-08-07
Priority: P2 64 high
CVSS 3.0: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EXPLOIT
EPSS: 58.57% (99.0th percentile)
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:7.3p1-1 (bookworm) | openssh 1:7.3p1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| openbsd | openssh | <= 7.2 | — |
| openbsd | openssh | >= 0 < 1:7.3p1-1 | 1:7.3p1-1 |
| openbsd | openssh | >= 0 < 1:7.3p1-1 | 1:7.3p1-1 |
| openbsd | openssh | >= 0 < 1:7.3p1-1 | 1:7.3p1-1 |
| openbsd | openssh | >= 0 < 1:7.3p1-1 | 1:7.3p1-1 |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.8 | 1:6.6p1-2ubuntu2.8 |
| openbsd | openssh | >= 0 < 1:7.2p2-4ubuntu2.1 | 1:7.2p2-4ubuntu2.1 |
| paloalto | pan-os | — | — |
Detection & IOCs
- Monitor sshd for sustained high CPU consumption correlated with incoming SSH password authentication attempts; the DoS manifests as crypt CPU consumption.
- Alert on rapid, repeated SSH connection attempts in an infinite loop from a single source IP, consistent with the exploit's loop-based DoS pattern.
- The vulnerability is only exploitable when PasswordAuthentication is enabled in sshd_config; disabling it fully mitigates the attack. On FreeBSD, PasswordAuthentication is disabled by default.
- On Red Hat Enterprise Linux 6, 7, and 8, the impact of this vulnerability is mitigated by SELinux.
CVSS provenance
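| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 5.9 | MEDIUM | — |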
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Palo Alto
PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS
vendor_paloalto·2020-05-13·CVSS 7.5
CVE-2014-1692 [HIGH] PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS
Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have a security impact on PAN-OS, or the scenarios required for successful
CVEs: CVE-2014-1692, CVE-2014-2532, CVE-2014-2653, CVE-2015-5352, CVE-2015-8325, CVE-2016-10009, CVE-2016-10010, CVE-2016-10708, CVE-2016-1908, CVE-2016-3115, CVE-2016-6515, CVE-2018-15473, CVE-2018-15919
Affected products: PAN-OS
BSD
FreeBSD-SA-17:06.openssh: OpenSSH Denial of Service vulnerability
bsd_advisories·2017-08-10·CVSS 7.5
CVE-2016-6515 [HIGH] FreeBSD-SA-17:06.openssh: OpenSSH Denial of Service vulnerability
FreeBSD-SA-17:06.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH Denial of Service vulnerability
Category: contrib
Module: OpenSSH
Announced: 2017-08-10
Affects: All supported versions of FreeBSD.
Corrected: 2017-08-10 06:36:37 UTC (stable/11, 11.1-STABLE)
2017-08-10 06:59:07 UTC (releng/11.1, 11.1-RELEASE-p1)
2017-08-10 06:59:26 UTC (releng/11.0, 11.0-RELEASE-p12)
2017-08-10 06:36:37 UTC (stable/10, 10.3-STABLE)
2017-08-10 06:59:43 UTC (releng/10.3, 10.3-RELEASE-p21)
CVE Name: CVE-2016-6515
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated trans
Ubuntu
OpenSSH vulnerabilities
vendor_ubuntu·2016-08-15·CVSS 5.9
CVE-2016-6210 [MEDIUM] OpenSSH vulnerabilities
Title: OpenSSH vulnerabilities
Summary: Several security issues were fixed in OpenSSH.
Eddie Harari discovered that OpenSSH incorrectly handled password hashing
when authenticating non-existing users. A remote attacker could perform a
timing attack and enumerate valid users. (CVE-2016-6210)
Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did
not limit password lengths. A remote attacker could use this issue to cause
OpenSSH to consume resources, leading to a denial of service.
(CVE-2016-6515)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
openssh: Denial of service via very long passwords
vendor_redhat·2016-07-21·CVSS 7.5
CVE-2016-6515 [HIGH] CWE-770 openssh: Denial of service via very long passwords
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords.
Statement: This issue in OpenSSH is mitigated by the usage of SELinux in Red Hat Enterprise Linux 6, 7 and 8. More details available at: https://bugzilla.redhat.com/show_bug.cgi?id=1364935#c13
Package: openssh (Red Hat Enterprise Linux 5) - Will not fix
Package: openssh (Red Hat Enterpri
Debian
CVE-2016-6515: openssh - The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does n...
vendor_debian·2016·CVSS 7.5
CVE-2016-6515 [HIGH] CVE-2016-6515: openssh - The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does n...
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Scope: local
bookworm: resolved (fixed in 1:7.3p1-1)
bullseye: resolved (fixed in 1:7.3p1-1)
forky: resolved (fixed in 1:7.3p1-1)
sid: resolved (fixed in 1:7.3p1-1)
trixie: resolved (fixed in 1:7.3p1-1)
GHSA
GHSA-vf2p-h3m7-ch75: The auth_password function in auth-passwd
ghsa_unreviewed·2022-05-13
CVE-2016-6515 [HIGH] CWE-20 GHSA-vf2p-h3m7-ch75: The auth_password function in auth-passwd
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
OSV
openssh vulnerabilities
osv·2016-08-15·CVSS 5.9
CVE-2016-6210 [MEDIUM] openssh vulnerabilities
Eddie Harari discovered that OpenSSH incorrectly handled password hashing
when authenticating non-existing users. A remote attacker could perform a
timing attack and enumerate valid users. (CVE-2016-6210)
Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did
not limit password lengths. A remote attacker could use this issue to cause
OpenSSH to consume resources, leading to a denial of service.
(CVE-2016-6515)
OSV
CVE-2016-6515: The auth_password function in auth-passwd
osv·2016-08-07·CVSS 7.5
CVE-2016-6515 [HIGH] CVE-2016-6515: The auth_password function in auth-passwd
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
No detection rules found.
Bugzilla
CVE-2016-6515 openssh: Denial of service via very long passwords
bugzilla·2016-08-08·CVSS 7.5
CVE-2016-6515 [HIGH] CVE-2016-6515 openssh: Denial of service via very long passwords
A denial of service vulnerability was found in openssh. The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
References:
http://seclists.org/oss-sec/2016/q3/215
Upstream fix:
https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97
Discussion:
Created openssh tracking bugs for this issue:
Affects: fedora-all [bug 1364936]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:2029 https://access.redhat.com/errata/RHSA-2017:2029
---
(In reply to Dhiru
Bugzilla
CVE-2016-6515 openssh: Denial of service via very long passwords [fedora-all]
bugzilla·2016-08-08·CVSS 7.5
CVE-2016-6515 [HIGH] CVE-2016-6515 openssh: Denial of service via very long passwords [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of
arXiv
Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice
arxiv_fulltext·2021-09-10
## Abstract
Robotics is becoming more and more ubiquitous, but the pressure to bring systems to market occasionally goes at the cost of neglecting security mechanisms during the development, deployment or while in production. As a result, contemporary robotic systems are vulnerable to diverse attack patterns, and an a posteriori hardening is at least challenging, if not impossible at all. This book aims to stipulate the inclusion of security in robotics from the earliest design phases onward and with a special focus on the cost-benefit tradeoff that can otherwise be an inhibitor for the fast development of affordable systems. We advocate quantitative methods of security management and design, covering vulnerability scoring systems tailored to robotic systems, and accounting for the highly
References
- http://openwall.com/lists/oss-security/2016/08/01/2
- http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/92212
- http://www.securitytracker.com/id/1036487
- https://access.redhat.com/errata/RHSA-2017:2029
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
- https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc
- https://security.netapp.com/advisory/ntap-20171130-0003/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us
- https://www.exploit-db.com/exploits/40888/