vulnerability

Red Hat: CVE-2016-6515: Moderate: openssh security, bug fix, and enhancement update (RHSA-2017:2029)

Name: Red Hat: CVE-2016-6515: Moderate: openssh security, bug fix, and enhancement update (RHSA-2017:2029)
Creator: Red Hat
Published: 2016-08-07T00:00:00.000Z
Keywords: CVE, Red Hat, 2016, 6515, Moderate, redhat-upgrade-openssh, redhat-upgrade-openssh-askpass, redhat-upgrade-openssh-cavs, redhat-upgrade-openssh-clients, redhat-upgrade-openssh-debuginfo, redhat-upgrade-openssh-keycat, redhat-upgrade-openssh-ldap, redhat-upgrade-openssh-server, redhat-upgrade-openssh-server-sysvinit, redhat-upgrade-pam_ssh_agent_auth, Severity 8

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Aug 7, 2016

Added

Aug 3, 2017

Modified

Feb 19, 2026

Description

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Solutions

redhat-upgrade-opensshredhat-upgrade-openssh-askpassredhat-upgrade-openssh-cavsredhat-upgrade-openssh-clientsredhat-upgrade-openssh-debuginforedhat-upgrade-openssh-keycatredhat-upgrade-openssh-ldapredhat-upgrade-openssh-serverredhat-upgrade-openssh-server-sysvinitredhat-upgrade-pam_ssh_agent_auth

References

BID-92212
DEBIAN-DLA-594-1
FREEBSD-FreeBSD-SA-17:06
NVD-CVE-2016-6515
REDHAT-RHSA-2017:2029
SECTRACK-1036487
UBUNTU-USN-3061-1

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report