SB2016011408 - Denial of service in openssh (Alpine package)
Published: January 14, 2016
Security Bulletin ID
SB2016011408
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Denial of service (CVE-ID: CVE-2016-0778)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote user to cause denial of service conditions on the target system.
The weakness is due to insufficient access control that allows attackers to cause the service deny.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=e59f53fd6f9b4e3da0f5f224a73054a00903dc16
- https://git.alpinelinux.org/aports/commit/?id=502069f7bf3a0c34a5f68413f21d5ea297a3cbcd
- https://git.alpinelinux.org/aports/commit/?id=520f0f795506134008d88476253a9cb5e14b7cd2
- https://git.alpinelinux.org/aports/commit/?id=faf85ab25e44464b8c4c71e0966e70a25ac49e62