CVE-2018-15473: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet…

medium5.3CVSS 3.0

AVNACLPRNUINSUCLINAN

EXPLOIT

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Affected

34 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	dropbear	< dropbear 2018.76-4 (bookworm)	dropbear 2018.76-4 (bookworm)
debian	openssh	< openssh 1:7.7p1-4 (bookworm)	openssh 1:7.7p1-4 (bookworm)
dropbear_ssh_project	dropbear_ssh	<= 2018.76	—
dropbear_ssh_project	dropbear_ssh	>= 0 < 2018.76-4	2018.76-4
dropbear_ssh_project	dropbear_ssh	>= 0 < 2018.76-4	2018.76-4
dropbear_ssh_project	dropbear_ssh	>= 0 < 2018.76-4	2018.76-4
dropbear_ssh_project	dropbear_ssh	>= 0 < 2018.76-4	2018.76-4
netapp	oncommand_unified_manager	>= 9.4	—
netapp	storage_replication_adapter	>= 7.2	—
netapp	vasa_provider	>= 7.2	—
netapp	virtual_storage_console	>= 7.2	—
openbsd	openssh	<= 7.7	—
openbsd	openssh	>= 0 < 1:7.7p1-4	1:7.7p1-4
openbsd	openssh	>= 0 < 1:7.7p1-4	1:7.7p1-4
openbsd	openssh	>= 0 < 1:7.7p1-4	1:7.7p1-4
openbsd	openssh	>= 0 < 1:7.7p1-4	1:7.7p1-4
openbsd	openssh	>= 0 < 1:6.6p1-2ubuntu2.11	1:6.6p1-2ubuntu2.11
openbsd	openssh	>= 0 < 1:7.2p2-4ubuntu2.6	1:7.2p2-4ubuntu2.6
openbsd	openssh	>= 0 < 1:7.6p1-4ubuntu0.1	1:7.6p1-4ubuntu0.1
openbsd	openssh	>= 0 < 1:7.6p1-4ubuntu0.5	1:7.6p1-4ubuntu0.5

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

osv7.5HIGH