CVE-2018-15473

MEDIUM

Description

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

References

http://www.openwall.com/lists/oss-security/2018/08/15/5

http://www.securityfocus.com/bid/105140

http://www.securitytracker.com/id/1041487

https://access.redhat.com/errata/RHSA-2019:0711

https://access.redhat.com/errata/RHSA-2019:2143

https://bugs.debian.org/906236

https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011

https://security.gentoo.org/glsa/201810-03

https://security.netapp.com/advisory/ntap-20181101-0001/

https://usn.ubuntu.com/3809-1/

https://www.debian.org/security/2018/dsa-4280

https://www.exploit-db.com/exploits/45210/

https://www.exploit-db.com/exploits/45233/

https://www.exploit-db.com/exploits/45939/

https://www.oracle.com/security-alerts/cpujan2020.html

Details

Source: MITRE

Published: 2018-08-17

Updated: 2020-08-24

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions up to 7.7 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 5

AND

OR

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*

cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

Configuration 7

AND

OR

cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 8

AND

OR

cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:vsphere:*:*

OR

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Tenable Plugins

View all (40 total)

IDNameProductFamilySeverity
144526Virtuozzo 6 : openssh / openssh-askpass / openssh-clients / etc (VZLSA-2019-0711)NessusVirtuozzo Local Security Checks
medium
136325AIX OpenSSH Advisory : openssh_advisory12.ascNessusAIX Local Security Checks
medium
128363CentOS 7 : openssh (CESA-2019:2143)NessusCentOS Local Security Checks
medium
128246Scientific Linux Security Update : openssh on SL7.x x86_64 (20190806)NessusScientific Linux Local Security Checks
medium
701158OpenSSH < 7.8 Access User Enumeration VulnerabilityNessus Network MonitorSSH
medium
127683RHEL 7 : openssh (RHSA-2019:2143)NessusRed Hat Local Security Checks
medium
127431NewStart CGSL MAIN 4.05 : openssh Vulnerability (NS-SA-2019-0155)NessusNewStart CGSL Local Security Checks
medium
127398NewStart CGSL MAIN 4.05 : openssh-latest Vulnerability (NS-SA-2019-0137)NessusNewStart CGSL Local Security Checks
medium
127310NewStart CGSL MAIN 4.06 : openssh Vulnerability (NS-SA-2019-0091)NessusNewStart CGSL Local Security Checks
medium
124929EulerOS Virtualization 3.0.1.0 : openssh (EulerOS-SA-2019-1426)NessusHuawei Local Security Checks
medium
124034CentOS 6 : openssh (CESA-2019:0711)NessusCentOS Local Security Checks
medium
124013OracleVM 3.3 / 3.4 : openssh (OVMSA-2019-0013)NessusOracleVM Local Security Checks
medium
123986Oracle Linux 6 : openssh (ELSA-2019-0711)NessusOracle Linux Local Security Checks
medium
123966Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20190409)NessusScientific Linux Local Security Checks
medium
123916RHEL 6 : openssh (RHSA-2019:0711)NessusRed Hat Local Security Checks
medium
123885EulerOS Virtualization 2.5.4 : openssh (EulerOS-SA-2019-1199)NessusHuawei Local Security Checks
medium
123884EulerOS Virtualization 2.5.3 : openssh (EulerOS-SA-2019-1198)NessusHuawei Local Security Checks
medium
123374openSUSE Security Update : openssh (openSUSE-2019-914)NessusSuSE Local Security Checks
medium
122030Photon OS 2.0: Openssh PHSA-2019-2.0-0126NessusPhotonOS Local Security Checks
medium
120996EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1008)NessusHuawei Local Security Checks
medium
120214Fedora 28 : openssh (2018-065a7722ee)NessusFedora Local Security Checks
medium
120162SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2018:3686-1)NessusSuSE Local Security Checks
medium
119920EulerOS 2.0 SP2 : openssh (EulerOS-SA-2018-1431)NessusHuawei Local Security Checks
medium
119902EulerOS Virtualization 2.5.2 : openssh (EulerOS-SA-2018-1413)NessusHuawei Local Security Checks
medium
119900EulerOS Virtualization 2.5.1 : openssh (EulerOS-SA-2018-1411)NessusHuawei Local Security Checks
medium
119887pfSense 2.3.x <= 2.3.5-p2 / 2.4.x < 2.4.4 Multiple Vulnerabilities (SA-18_06 / SA-18_07 / SA-18_08)NessusFirewalls
high
119533EulerOS 2.0 SP3 : openssh (EulerOS-SA-2018-1405)NessusHuawei Local Security Checks
medium
119295openSUSE Security Update : openssh (openSUSE-2018-1477)NessusSuSE Local Security Checks
medium
119213SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2018:3910-1)NessusSuSE Local Security Checks
medium
119032SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3781-1)NessusSuSE Local Security Checks
medium
119031SUSE SLES12 Security Update : openssh (SUSE-SU-2018:3776-1)NessusSuSE Local Security Checks
medium
119024openSUSE Security Update : openssh (openSUSE-2018-1419)NessusSuSE Local Security Checks
medium
118795Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : openssh vulnerabilities (USN-3809-1)NessusUbuntu Local Security Checks
medium
118498SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3540-1)NessusSuSE Local Security Checks
high
117968GLSA-201810-03 : OpenSSH: User enumeration vulnerabilityNessusGentoo Local Security Checks
medium
117708Amazon Linux 2 : openssh (ALAS-2018-1075)NessusAmazon Linux Local Security Checks
medium
117491Fedora 27 : openssh (2018-f56ded11c4)NessusFedora Local Security Checks
medium
117347Amazon Linux AMI : openssh (ALAS-2018-1075)NessusAmazon Linux Local Security Checks
medium
112066Debian DSA-4280-1 : openssh - security updateNessusDebian Local Security Checks
medium
112050Debian DLA-1474-1 : openssh security updateNessusDebian Local Security Checks
medium