SB2016080702 - Slackware Linux update for openssh

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016080702

SB2016080702 - Slackware Linux update for openssh

Published: August 7, 2016 Updated: March 20, 2023

Security Bulletin ID SB2016080702
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) User enumeration via covert timing channel (CVE-ID: CVE-2016-6210)

The vulnerability allows a remote attacker to enumerate users on system.

The vulnerability exists in most systems where the Blowfish algorithm runs faster than SHA256/SHA512. A remote unauthenticated attacker can determine valid usernames by sending a specially crafted request with a large password (approximately 10,000 characters) to the target ssh daemon. On systems where a valid user's password has been hashed with SHA256/SHA512, the response time will be shorter for a non-existent username than for a valid username.

Successful exploitation of this vulnerability may result in disclosure or user logins.


2) Incorrect handling of environment files (CVE-ID: CVE-2015-8325)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists in portable version of OpenSSH. A local user can execute arbitrary code as root by setting specially crafted environment variables to conduct attacks against the 'bin/login' process on systems, where PAM is configured to read user-specified environment variables and 'sshd_config' is set to 'UseLogin=yes'.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.



Remediation

Install update from vendor's website.

References