PT-2016-3241 · OpenSSH +7

Kashinath T · Published 2016-03-09 · Updated 2025-09-29 · CVE-2016-6515

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
OpenSSH versions prior to 7.3

Description
The issue is in the auth_password function in auth-passwd.c in sshd, which does not limit password lengths for password authentication. This allows remote attackers to cause a denial of service (consumption of CPU resources) via a long string.

Recommendations
For OpenSSH versions prior to 7.3, consider updating to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of long password strings to minimize the risk of exploitation.

Exploit · Fix · DoS · RCE

Weakness Enumeration

Related identifiers

ALSA-2024_1130
ALSA-2024_1150
ALSA-2025_16880
ALT-PU-2016-1200
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2018-00117
CESA-2017_2029
CVE-2016-6515
DLA-1500-1
DLA-594-1
ELSA-2017-2029
FREEBSD-SA-17_06
MGASA-2016-0280
OPENSUSE-SU-2024:10174-1
RHSA-2017:2029
RHSA-2017_2029
SUSE-SU-2016:2280-1
SUSE-SU-2016:2281-1
SUSE-SU-2016:2388-1
SUSE-SU-2016:2555-1
USN-3061-1

Affected products

ALT Linux
CentOS
FreeBSD
IBM AIX
OpenSSH
Red Hat
SUSE
Ubuntu