Scientific Linux Security Update : openssh on SL7.x x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

The following packages have been upgraded to a later upstream version:
openssh (7.4p1).

Security Fix(es) :

- A covert timing channel flaw was found in the way
OpenSSH handled authentication of non-existent users. A
remote unauthenticated attacker could possibly use this
flaw to determine valid user names by measuring the
timing of server responses. (CVE-2016-6210)

- It was found that OpenSSH did not limit password lengths
for password authentication. A remote unauthenticated
attacker could use this flaw to temporarily trigger high
CPU consumption in sshd by sending long passwords.
(CVE-2016-6515)

- It was found that ssh-agent could load PKCS#11 modules
from arbitrary paths. An attacker having control of the
forwarded agent-socket on the server, and the ability to
write to the filesystem of the client host, could use
this flaw to execute arbitrary code with the privileges
of the user running ssh-agent. (CVE-2016-10009)

- It was found that the host private key material could
possibly leak to the privilege-separated child processes
via re-allocated memory. An attacker able to compromise
the privilege-separated process could therefore obtain
the leaked key information. (CVE-2016-10011)

- It was found that the boundary checks in the code
implementing support for pre-authentication compression
could have been optimized out by certain compilers. An
attacker able to compromise the privilege-separated
process could possibly use this flaw for further attacks
against the privileged monitor process. (CVE-2016-10012)

See also :

http://www.nessus.org/u?ab5b498e

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 102650

Bugtraq ID:

CVE ID: CVE-2016-10009
CVE-2016-10011
CVE-2016-10012
CVE-2016-6210
CVE-2016-6515
