vulnerability

Red Hat: CVE-2016-6515: Moderate: openssh security, bug fix, and enhancement update (RHSA-2017:2029)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Aug 7, 2016	Aug 3, 2017	Jun 1, 2020

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Aug 7, 2016

Added

Aug 3, 2017

Modified

Jun 1, 2020

Description

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Solution(s)

redhat-upgrade-opensshredhat-upgrade-openssh-askpassredhat-upgrade-openssh-cavsredhat-upgrade-openssh-clientsredhat-upgrade-openssh-debuginforedhat-upgrade-openssh-keycatredhat-upgrade-openssh-ldapredhat-upgrade-openssh-serverredhat-upgrade-openssh-server-sysvinitredhat-upgrade-pam_ssh_agent_auth

References

BID-92212
DEBIAN-DLA-594-1
FREEBSD-FreeBSD-SA-17:06
NVD-CVE-2016-6515
REDHAT-RHSA-2017:2029
SECTRACK-1036487
UBUNTU-USN-3061-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today