AIX OpenSSH Advisory : openssh_advisory9.asc

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote AIX host has a version of OpenSSH installed that is
affected by multiple vulnerabilities.

Description :

The remote AIX host has a version of OpenSSH installed that is
affected by the following vulnerabilities :

- An elevation of privilege vulnerability exists in the
do_setup_env() function within file session.c when
handling user-supplied environment variables. A local
attacker can exploit this to gain elevated privileges by
triggering a crafted environment for the /bin/login
program. This vulnerability requires that the UseLogin
feature is enabled and that PAM is configured to read
.pam_environment files in user home directories.
(CVE-2015-8325)

- A flaw exists when handling authentication requests that
involve overly long passwords due to returning shorter
response times for requests for invalid users than for
valid users. An unauthenticated, remote attacker can
exploit this to enumerate valid usernames by conducting
a timing attack. (CVE-2016-6210)

- A denial of service vulnerability exists in the
auth_password() function within auth-passwd.c due to a
failure to limit password lengths. An unauthenticated,
remote attacker can exploit this, via overly long
passwords, to cause the excessive consumption of CPU
resources. (CVE-2016-6515)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory9.asc

Solution :

A fix is available and can be downloaded from the IBM AIX website.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: AIX Local Security Checks

Nessus Plugin ID: 95477

Bugtraq ID: 86187
91812
92212

CVE ID: CVE-2015-8325
CVE-2016-6210
CVE-2016-6515
