CVE-2016-6515

Published: Aug 7, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us

https://security.netapp.com/advisory/ntap-20171130-0003/

https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97

http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html

40888

exploit

92212

vdb-entry

FreeBSD-SA-17:06

vendor-advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

1036487

vdb-entry

FEDORA-2016-4a3debc3a6

vendor-advisory

RHSA-2017:2029

vendor-advisory

[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update

mailing-list

[oss-security] 20160801 Announce: OpenSSH 7.3 released

mailing-list

https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-6515

Description

Affected Products

References