
OpenSSH 7.x < 7.3 Multiple Vulnerabilities

High

Synopsis

The remote SSH server may be affected by multiple vulnerabilities.

Description

The current version of OpenSSH is 7.x prior to 7.3 and is affected by the following vulnerabilities:

- A flaw in the 'do_setup_env()' function in 'session.c' is triggered when handling user-supplied environment variables. This may potentially allow a local attacker to gain elevated privileges. (OSVDB 137226)
- A flaw exists due to the program returning shorter response times for authentication requests with overly long passwords for invalid users than for valid users. This may allow a remote attacker to conduct a timing attack and enumerate valid usernames. (OSVDB 141586)
- A flaw in the 'crypt(3)' function via 'sshd(8)' is triggered during the handling of overly long passwords. This may allow a remote attacker to consume excessive CPU resources. (OSVDB 142342)
- An unspecified flaw in the 'CBC' padding oracle countermeasures in 'ssh(1)' and 'sshd(8)', which may allow an attacker to conduct a timing attack. No further details have been provided. (OSVDB 142343)
- A flaw in 'ssh(1)' and 'sshd(8)' is due to improper ordering of operations in MAC verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms, which should verify the MAC before decrypting any ciphertext. This may allow a remote attacker to use a timing attack to gain unauthorized access to potentially sensitive information. (OSVDB 142344)
- A flaw exists in the 'crypt(3)' function, accessed via 'sshd(8)', that is triggered during the handling of overly long passwords. This may allow a remote attacker to affect the consumption of CPU resources. (OSVDB 143999)
- An unspecified timing flaw exists in the CBC padding oracle countermeasures in the 'ssh(1)' and 'sshd(8)' functions. This may allow a remote attacker to gain access to potentially sensitive information. (OSVDB 144000)

Solution

Upgrade to OpenSSH 7.x version 7.3 or later.
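
To triage collected SSH identification strings against the affected range stated above (7.x prior to 7.3), the following is an added example and not part of the original advisory. The status labels and sample banners are constructed, and treating a vendor suffix as a cue to check the package changelog is an assumption, since distributions often backport fixes without changing the upstream version string.

```python
import re

# SSH identification string (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\.\d+)?(?:p\d+)?(?:[ -](?P<comment>.+))?$"
)
FIXED = (7, 3)  # first release outside the affected range, per the advisory


def classify_banner(banner):
    """Map one banner to a status label (labels are constructed for this example)."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "not-openssh"
    version = (int(m.group("major")), int(m.group("minor")))
    if version[0] != 7 or version >= FIXED:
        return "not-in-range"
    # Assumption: a vendor comment indicates a distribution build whose
    # fixes may be backported, so the package changelog decides, not the banner.
    return "verify-package" if m.group("comment") else "in-affected-range"


def triage(banners):
    """Group banners by status so in-range hosts can be prioritised."""
    result = {}
    for b in banners:
        result.setdefault(classify_banner(b), []).append(b.strip())
    return result


# Constructed sample input, not taken from any real scan.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_7.2\r\n",
    "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8\r\n",
    "SSH-2.0-OpenSSH_7.3\r\n",
    "SSH-2.0-OpenSSH_6.6.1p1\r\n",
    "SSH-2.0-dropbear_2016.74\r\n",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_BANNERS).items():
        print(f"{status}: {hosts}")
```

A banner match only shows that the reported version falls in the affected range, which is why the synopsis says the server "may be" affected; confirm against the installed package before scheduling the upgrade.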