PT-2016-2921 · Openbsd+4 · Openssh+4

Shilei-C

Publicado

2016-10-20

Atualizado

2024-08-06

CVE-2016-8858

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions OpenSSH versions 6.x through 7.3

Description The issue allows remote attackers to cause a denial of service by sending many duplicate KEXINIT requests, leading to memory consumption. This is related to the kex input kexinit function in kex.c. Note that OpenSSH upstream does not consider this as a security issue.

Recommendations For OpenSSH versions 6.x through 7.3, consider disabling the kex input kexinit function as a temporary workaround until a patch is available. Restrict access to the kex.c module to minimize the risk of exploitation. Avoid using the KEXINIT request in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

ALT-PU-2016-2124

ALT-PU-2024-3921

ALT-PU-2024-4077

ALT-PU-2024-4467

ALT-PU-2024-9513

BDU:2016-02352

CVE-2016-8858

FREEBSD-SA-16_33

OPENSUSE-SU-2024:11124-1

SUSE-SU-2017:0264-1

SUSE-SU-2017:0603-1

SUSE-SU-2017:0606-1

SUSE-SU-2017:0607-1

SUSE-SU-2017:0607-2

SUSE-SU-2017:0607-3

SUSE-SU-2017:1661-1

Produtos afetados

Alt Linux

Freebsd

Ibm Aix

Openssh

Suse

PT-2016-2921 · Openbsd+4 · Openssh+4

CVE-2016-8858

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 123