PT-2016-3241 · OpenSSH

Kashinath T · Published 2016-03-09 · Updated 2025-09-29 · CVE-2016-6515

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

OpenSSH versions prior to 7.3

Description

The issue is in the auth_password function in auth-passwd.c in sshd, which does not limit password lengths for password authentication. This allows remote attackers to cause a denial of service (consumption of CPU resources) via a long string.

Recommendations

For OpenSSH versions prior to 7.3, consider updating to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of long password strings to minimize the risk of exploitation.

Exploit · Fix · DoS · RCE

Related Identifiers

ALSA-2024_1130
ALSA-2024_1150
ALSA-2025_16880
ALT-PU-2016-1200
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2018-00117
CESA-2017_2029
CVE-2016-6515
DLA-1500-1
DLA-594-1
ELSA-2017-2029
FREEBSD-SA-17_06
MGASA-2016-0280
OPENSUSE-SU-2024:10174-1
RHSA-2017:2029
RHSA-2017_2029
SUSE-SU-2016:2280-1
SUSE-SU-2016:2281-1
SUSE-SU-2016:2388-1
SUSE-SU-2016:2555-1
USN-3061-1

Affected Products

ALT Linux
CentOS
FreeBSD
IBM AIX
OpenSSH
Red Hat
SUSE
Ubuntu