FreeBSD : openssh -- sshd -- remote valid user discovery and PAM /bin/login attack (adccefd1-7080-11e6-a2cb-c80aa9043978)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The OpenSSH project reports :

* sshd(8): Mitigate timing differences in password authentication that
could be used to discern valid from invalid account names when long
passwords were sent and particular password hashing algorithms are in
use on the server. CVE-2016-6210, reported by EddieEzra.Harari at
verint.com

* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified environment
variables and UseLogin=yes in sshd_config, then a hostile local user
may attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM. CVE-2015-8325, found by Shayan Sadigh.

See also :

http://www.openssh.com/txt/release-7.3
http://www.nessus.org/u?f9a24e59

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 93267 ()

Bugtraq ID:

CVE ID: CVE-2015-8325
CVE-2016-6210

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now