SB2017100310 - Amazon Linux AMI update for openssh
Published: October 3, 2017 Updated: October 30, 2024
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2016-10009)
The vulnerability allows a remote attacker to execute arbitrary code on a vulnerable ssh client. The vulnerability exists due to incorrect handling of data passed to a PKCS#11 module within ssh-agent. A remote attacker with control over the sshd service can execute arbitrary code on the vulnerable client.
Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on the vulnerable client system, but requires that the client is connected to a malicious SSH server.
2) User enumeration via covert timing channel (CVE-ID: CVE-2016-6210)
The vulnerability allows a remote attacker to enumerate users on the system.
The vulnerability exists in most systems where the Blowfish algorithm runs faster than SHA256/SHA512. A remote unauthenticated attacker can determine valid usernames by sending a specially crafted request with a large password (approximately 10,000 characters) to the target ssh daemon. On systems where a valid user's password has been hashed with SHA256/SHA512, the response time will be shorter for a non-existent username than for a valid username.
Successful exploitation of this vulnerability may result in disclosure of user logins.
3) Consuming excessive CPU resources on the target system (CVE-ID: CVE-2016-6515)
The vulnerability allows a remote attacker to consume excessive CPU resources on the target system.
The vulnerability exists in the crypt(3) function, which accepts passwords longer than 1024 characters in the auth_password() function in auth_passwd.c. A remote unauthenticated attacker can submit a very long string as a password and consume excessive CPU resources.
Successful exploitation of this vulnerability may result in denial of service.
4) Information disclosure (CVE-ID: CVE-2016-10011)
The vulnerability allows a local user to gain access to potentially sensitive information. The vulnerability exists due to an error in authfile.c, which may allow a local authenticated user to obtain host private key material.
Successful exploitation of this vulnerability may allow a local user to gain access to otherwise restricted information.
5) Buffer overflow (CVE-ID: CVE-2016-10012)
The vulnerability allows a local user to execute arbitrary code on a vulnerable system with root privileges. The vulnerability exists in sshd due to a flaw in boundary checks in the shared memory manager that may be skipped by some optimizing compilers. A local user can trigger memory corruption and execute arbitrary code with root privileges. The issue is related to the m_zback and m_zlib data structures.
Successful exploitation of this vulnerability may allow a local user to elevate privileges.
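The password-handling issues in items 2 and 3 (CVE-2016-6210 and CVE-2016-6515) share one defensive pattern, sketched here as an added example that is not OpenSSH code: reject over-long passwords before any hashing, and hash unknown usernames against a dummy record that uses the same scheme and cost as real accounts. PBKDF2-HMAC-SHA512 stands in for crypt(3), and the class, constant and user names are assumptions; the 1024-character limit is the figure given in item 3.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_LEN = 1024   # limit from item 3; the constant name is an assumption
ITERATIONS = 20_000       # stand-in work factor, not a crypt(3) setting


def _hash(password: bytes, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA512 stands in for crypt(3) with a SHA512 scheme.
    return hashlib.pbkdf2_hmac("sha512", password, salt, ITERATIONS)


class Authenticator:
    """Password check with a length cap and equal work for unknown users."""

    def __init__(self, users):
        self._db = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._db[name] = (salt, _hash(password.encode(), salt))
        # Dummy record for non-existent accounts: same scheme and cost as
        # real ones, so the hashing step takes the same time either way.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _hash(os.urandom(32), self._dummy_salt)
        self.hash_calls = 0   # exposed so the behaviour can be checked

    def check(self, user: str, password: str) -> bool:
        pw = password.encode()
        # Cap the length before hashing: an over-long password costs no CPU
        # and is rejected on the same path for valid and invalid usernames.
        if len(pw) > MAX_PASSWORD_LEN:
            return False
        known = user in self._db
        if known:
            salt, stored = self._db[user]
        else:
            salt, stored = self._dummy_salt, self._dummy_hash
        self.hash_calls += 1
        candidate = _hash(pw, salt)
        # Constant-time comparison; an unknown user can never succeed.
        return hmac.compare_digest(candidate, stored) and known
```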
Remediation
Install update from vendor's website.