CVE-2018-15473

MEDIUM

Description

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

References

http://www.openwall.com/lists/oss-security/2018/08/15/5

http://www.securityfocus.com/bid/105140

http://www.securitytracker.com/id/1041487

https://access.redhat.com/errata/RHSA-2019:0711

https://access.redhat.com/errata/RHSA-2019:2143

https://bugs.debian.org/906236

https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011

https://security.gentoo.org/glsa/201810-03

https://security.netapp.com/advisory/ntap-20181101-0001/

https://usn.ubuntu.com/3809-1/

https://www.debian.org/security/2018/dsa-4280

https://www.exploit-db.com/exploits/45210/

https://www.exploit-db.com/exploits/45233/

https://www.exploit-db.com/exploits/45939/

Details

Source: MITRE

Published: 2018-08-17

Updated: 2019-08-06

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 5

AND

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Configuration 6

cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*

cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

Configuration 7

AND

cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 8

AND

cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:vsphere:*:*

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Tenable Plugins

View all (39 total)

ID	Name	Product	Family	Severity
136325	AIX OpenSSH Advisory : openssh_advisory12.asc	Nessus	AIX Local Security Checks	medium
128363	CentOS 7 : openssh (CESA-2019:2143)	Nessus	CentOS Local Security Checks	medium
128246	Scientific Linux Security Update : openssh on SL7.x x86_64 (20190806)	Nessus	Scientific Linux Local Security Checks	medium
701158	OpenSSH < 7.8 Access User Enumeration Vulnerability	Nessus Network Monitor	SSH	medium
127683	RHEL 7 : openssh (RHSA-2019:2143)	Nessus	Red Hat Local Security Checks	medium
127431	NewStart CGSL MAIN 4.05 : openssh Vulnerability (NS-SA-2019-0155)	Nessus	NewStart CGSL Local Security Checks	medium
127398	NewStart CGSL MAIN 4.05 : openssh-latest Vulnerability (NS-SA-2019-0137)	Nessus	NewStart CGSL Local Security Checks	medium
127310	NewStart CGSL MAIN 4.06 : openssh Vulnerability (NS-SA-2019-0091)	Nessus	NewStart CGSL Local Security Checks	medium
124929	EulerOS Virtualization 3.0.1.0 : openssh (EulerOS-SA-2019-1426)	Nessus	Huawei Local Security Checks	medium
124034	CentOS 6 : openssh (CESA-2019:0711)	Nessus	CentOS Local Security Checks	medium
124013	OracleVM 3.3 / 3.4 : openssh (OVMSA-2019-0013)	Nessus	OracleVM Local Security Checks	medium
123986	Oracle Linux 6 : openssh (ELSA-2019-0711)	Nessus	Oracle Linux Local Security Checks	medium
123966	Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20190409)	Nessus	Scientific Linux Local Security Checks	medium
123916	RHEL 6 : openssh (RHSA-2019:0711)	Nessus	Red Hat Local Security Checks	medium
123885	EulerOS Virtualization 2.5.4 : openssh (EulerOS-SA-2019-1199)	Nessus	Huawei Local Security Checks	medium
123884	EulerOS Virtualization 2.5.3 : openssh (EulerOS-SA-2019-1198)	Nessus	Huawei Local Security Checks	medium
123374	openSUSE Security Update : openssh (openSUSE-2019-914)	Nessus	SuSE Local Security Checks	medium
122030	Photon OS 2.0: Openssh PHSA-2019-2.0-0126	Nessus	PhotonOS Local Security Checks	medium
120996	EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1008)	Nessus	Huawei Local Security Checks	medium
120214	Fedora 28 : openssh (2018-065a7722ee)	Nessus	Fedora Local Security Checks	medium
120162	SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2018:3686-1)	Nessus	SuSE Local Security Checks	medium
119920	EulerOS 2.0 SP2 : openssh (EulerOS-SA-2018-1431)	Nessus	Huawei Local Security Checks	medium
119902	EulerOS Virtualization 2.5.2 : openssh (EulerOS-SA-2018-1413)	Nessus	Huawei Local Security Checks	medium
119900	EulerOS Virtualization 2.5.1 : openssh (EulerOS-SA-2018-1411)	Nessus	Huawei Local Security Checks	medium
119887	pfSense 2.3.x <= 2.3.5-p2 / 2.4.x < 2.4.4 Multiple Vulnerabilities (SA-18_06 / SA-18_07 / SA-18_08)	Nessus	Firewalls	high
119533	EulerOS 2.0 SP3 : openssh (EulerOS-SA-2018-1405)	Nessus	Huawei Local Security Checks	medium
119295	openSUSE Security Update : openssh (openSUSE-2018-1477)	Nessus	SuSE Local Security Checks	medium
119213	SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2018:3910-1)	Nessus	SuSE Local Security Checks	medium
119032	SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3781-1)	Nessus	SuSE Local Security Checks	medium
119031	SUSE SLES12 Security Update : openssh (SUSE-SU-2018:3776-1)	Nessus	SuSE Local Security Checks	medium
119024	openSUSE Security Update : openssh (openSUSE-2018-1419)	Nessus	SuSE Local Security Checks	medium
118795	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : openssh vulnerabilities (USN-3809-1)	Nessus	Ubuntu Local Security Checks	medium
118498	SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3540-1)	Nessus	SuSE Local Security Checks	high
117968	GLSA-201810-03 : OpenSSH: User enumeration vulnerability	Nessus	Gentoo Local Security Checks	medium
117708	Amazon Linux 2 : openssh (ALAS-2018-1075)	Nessus	Amazon Linux Local Security Checks	medium
117491	Fedora 27 : openssh (2018-f56ded11c4)	Nessus	Fedora Local Security Checks	medium
117347	Amazon Linux AMI : openssh (ALAS-2018-1075)	Nessus	Amazon Linux Local Security Checks	medium
112066	Debian DSA-4280-1 : openssh - security update	Nessus	Debian Local Security Checks	medium
112050	Debian DLA-1474-1 : openssh security update	Nessus	Debian Local Security Checks	medium