[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2016-0466 -- Oracle openssh

ID: oval:org.secpod.oval:def:1501408Date: (C)2016-03-31   (M)2023-12-07
Class: PATCHFamily: unix




OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon will be restarted automatically.

Platform:
Oracle Linux 6
Product:
openssh
Reference:
ELSA-2016-0466
CVE-2015-5600
CVE-2016-3115
CVE    2
CVE-2016-3115
CVE-2015-5600
CPE    3
cpe:/o:oracle:linux:6
cpe:/a:openbsd:openssh
cpe:/a:openbsd:openssh:6.9

© SecPod Technologies