openssh-6.6.1p1-22.el7
Errata ID: AXSA:2015-787:01
Release date:
2015/11/26 Thursday - 13:46
Title:
openssh-6.6.1p1-22.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
- The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH does not properly restrict the processing of keyboard-interactive devices within a single connection, which allows remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option. (CVE-2015-5600)
- The monitor component in sshd in OpenSSH accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging SSH login access together with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request. (CVE-2015-6563)
- A use-after-free vulnerability exists in the mm_answer_pam_free_ctx function of the sshd monitor in OpenSSH, which allows local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. (CVE-2015-6564)
Solution:
Update the packages.
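To check whether a host already carries the fixed build named in this errata, the following added example (not part of the advisory and not Asianux tooling) compares the output of `rpm -q openssh-server` against 6.6.1p1-22.el7 using a simplified port of RPM's version-comparison rules; the NVRA parsing and the architecture list are assumptions made here.

```python
import re

# Fixed version and release published in this advisory (AXSA:2015-787:01).
FIXED_VERSION, FIXED_RELEASE = "6.6.1p1", "22.el7"

# Architecture suffixes that may trail an NVRA string (assumed list).
ARCHES = {"x86_64", "i686", "noarch", "src"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified port of RPM's rpmvercmp(): returns -1, 0 or 1.

    Each string is cut into numeric and alphabetic segments (separators such
    as '.', '-' and '_' are ignored). Numeric segments compare as integers,
    alphabetic ones lexically, and a numeric segment is newer than an
    alphabetic one in the same position. If all shared segments are equal,
    the string with more segments is newer. Tilde/caret handling is omitted.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1


def split_nvra(nvra: str) -> tuple:
    """Split 'name-version-release[.arch][.rpm]' into (name, version, release)."""
    if nvra.endswith(".rpm"):
        nvra = nvra[:-4]
    base, _, tail = nvra.rpartition(".")
    if tail in ARCHES:
        nvra = base
    name, version, release = nvra.rsplit("-", 2)
    return name, version, release


def needs_update(installed_nvra: str) -> bool:
    """True if the installed package (as printed by `rpm -q`) predates the fix."""
    _, version, release = split_nvra(installed_nvra)
    result = rpmvercmp(version, FIXED_VERSION)
    if result == 0:
        result = rpmvercmp(release, FIXED_RELEASE)
    return result < 0
```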
CVE:
CVE-2015-5600
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
CVE-2015-6563
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
CVE-2015-6564
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
Additional information:
N/A
Downloads:
SRPMS
- openssh-6.6.1p1-22.el7.src.rpm
MD5: e59df5b9f9731aedc88fd5b6fdbf99ae
SHA-256: e10a72e1e685701dbe2a8e6919c7f2524a7066657e96a02b5d9e141303dc5004
Size: 1.70 MB
Asianux Server 7 for x86_64
- openssh-6.6.1p1-22.el7.x86_64.rpm
MD5: 83e2783bdba4108632b06b707870e22f
SHA-256: ecf9825c1cf735d7878bd665bb3a1a027932aa00249ad301ea520610700cfedd
Size: 433.48 kB
- openssh-askpass-6.6.1p1-22.el7.x86_64.rpm
MD5: d045ff673b0fc8a146e3700b330b5a2a
SHA-256: 6658775f751b9abfdc22706411556d58da8c9a39fca5aca10b64546af743d738
Size: 70.55 kB
- openssh-clients-6.6.1p1-22.el7.x86_64.rpm
MD5: a52eba2c33f426c0f2edbad6840d4c49
SHA-256: 6a6c46b6da03f3f88540e16702620a02217b2c876700da59cfc305179fcab99f
Size: 637.64 kB
- openssh-keycat-6.6.1p1-22.el7.x86_64.rpm
MD5: c53992b4fa40c07bc3a4ca715ce2b353
SHA-256: 0b79178441080f11d7bff8203fecce928fb8520f77a6d5638eb6cbc0dbcb03ab
Size: 84.98 kB
- openssh-server-6.6.1p1-22.el7.x86_64.rpm
MD5: 8508086c0a779c35bdd25a0335adc1ff
SHA-256: c80423270cfc900b310ef3e5995b572adef6e6b71ce607f1abea18eb2fd16a79
Size: 434.75 kB