SecurityTracker.com
SecurityTracker Archives

Category:   Application (VPN)  >   OpenSSH Vendors:   OpenSSH.org
OpenSSH 'KbdInteractiveDevices' Lets Remote Users Bypass Security Restrictions on the Target System
SecurityTracker Alert ID:  1032988
SecurityTracker URL:  http://securitytracker.com/id/1032988
CVE Reference:   CVE-2015-5600   (Links to External Site)
Updated:  Aug 12 2015
Original Entry Date:  Jul 20 2015
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in OpenSSH. A remote user can bypass the per-connection authentication attempt limit ('MaxAuthTries') on the target system.

A remote user can request keyboard-interactive authentication with a client-supplied device list ('KbdInteractiveDevices') that names the same device (for example 'pam') many times. Affected sshd versions walk the comma-separated list in order and issue a fresh password prompt for every entry that names a usable device, all within a single authentication attempt; a wrong answer simply moves sshd on to the next entry, and the attempt is not counted against 'MaxAuthTries' until the whole list has been exhausted. A remote user can therefore perform a brute-force password guessing attack against the target sshd service, with the number of guesses per connection limited only by the length of the supplied device list and the 'LoginGraceTime' limit (120 seconds by default).

Servers that have keyboard-interactive authentication enabled (e.g., FreeBSD in the default configuration) are affected. On versions prior to 7.0 this is the case when 'ChallengeResponseAuthentication' is 'yes' (the upstream default) and a keyboard-interactive device is actually available, which for the 'pam' device used in the demonstration requires 'UsePAM yes'.

A demonstration exploit command is provided (the perl subshell builds a device list of 10,000 'pam' entries):

ssh -l[username] -oKbdInteractiveDevices=`perl -e 'print "pam," x 10000'` [target]
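The following is an added illustration, not code from the advisory or from OpenSSH: a small Python model of how sshd walks the client-supplied device list, built from the description above, so the effect of the command can be counted without touching a live host. It assumes a portable, PAM-enabled build whose only registered keyboard-interactive device is 'pam', and a constructed 10 ms round trip per prompt so that the 'LoginGraceTime' bound can be shown; the class and function names are the example's own.

```python
from dataclasses import dataclass, field

# Keyboard-interactive devices compiled into this sshd. A PAM build registers
# "pam"; the client must name a device that exists for a prompt to be issued.
# (Assumption for this model: a portable, PAM-enabled build with UsePAM yes.)
REGISTERED_DEVICES = ("pam",)


@dataclass
class KbdintCtxt:
    """Per-attempt state, after sshd's KbdintAuthctxt."""
    devices: str                                     # unconsumed client list
    devices_done: set = field(default_factory=set)   # 7.0 fix: devices already used


def next_device(ctxt: KbdintCtxt, fixed: bool):
    """Consume comma-separated entries until one names a usable device.

    Mirrors kbdint_next_device(): each entry is compared against the
    registered devices. With the 7.0 behaviour a device already used in
    this attempt is skipped, so a repeated name never yields a second prompt.
    """
    while ctxt.devices:
        name, _, rest = ctxt.devices.partition(",")
        ctxt.devices = rest
        if name not in REGISTERED_DEVICES:
            continue
        if fixed and name in ctxt.devices_done:
            continue
        ctxt.devices_done.add(name)
        return name
    return None


def prompts_per_connection(client_devices: str, max_auth_tries: int = 6,
                           fixed: bool = False, login_grace_ms: int = 120_000,
                           ms_per_prompt: int = 10) -> int:
    """Password prompts an attacker who always answers wrongly receives on
    one connection.

    A failed device does not count against MaxAuthTries while the list still
    holds another usable entry (sshd just starts the next device); only an
    exhausted list makes the attempt fail. LoginGraceTime, modelled with a
    constructed ms_per_prompt per round trip, is the other bound.
    """
    failures = prompts = elapsed_ms = 0
    while failures < max_auth_tries:
        ctxt = KbdintCtxt(devices=client_devices)   # fresh userauth request
        while next_device(ctxt, fixed) is not None:
            if elapsed_ms >= login_grace_ms:
                return prompts            # grace timer fired: connection dropped
            prompts += 1                  # SSH_MSG_USERAUTH_INFO_REQUEST sent
            elapsed_ms += ms_per_prompt
        failures += 1                     # list exhausted: attempt now counted
    return prompts


if __name__ == "__main__":
    attack_list = "pam," * 10000          # what the advisory's perl snippet builds
    print("before 7.0:", prompts_per_connection(attack_list))
    print("with 7.0 fix:", prompts_per_connection(attack_list, fixed=True))
```

With the defaults above the unfixed model hands out 12,000 guesses on one connection, cut off only by the grace timer (60,000 if the timer is removed), while the fixed model stops at the six 'MaxAuthTries' allows; an entry naming a device that is not registered ('bsdauth' on a PAM build, or a typo) is skipped by both, which is why the attack needs a device name that exists on the server.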

The original advisory is available at:

https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/

kingcope reported this vulnerability.

Impact:   A remote user can bypass authentication attempt limits on the target system.
Solution:   The vendor has issued a fix (OpenSSH 7.0). sshd now records which keyboard-interactive devices have already been queried during an authentication attempt and refuses to query the same device again, so a repeated device name no longer yields extra password prompts. Where the update cannot be applied, disabling keyboard-interactive authentication ('ChallengeResponseAuthentication no') removes the attack surface, and a shorter 'LoginGraceTime' bounds the number of guesses a single connection can make.

The vendor's advisory is available at:

http://www.openssh.com/txt/release-7.0

Vendor URL:  www.openssh.com/txt/release-7.0 (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
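As an added check (not from the advisory or from OpenSSH), the following Python reads an sshd version banner and an sshd_config and reports whether the keyboard-interactive/PAM surface this bug needs is present and whether the version predates the fix, with an exposed configuration beside a hardened one. The banners and both configurations are constructed samples; the defaults applied for missing directives are those of sshd_config(5) for the 6.x series (ChallengeResponseAuthentication yes, UsePAM no upstream, MaxAuthTries 6, LoginGraceTime 120), and the function names are the example's own.

```python
import re

# Constructed sample inputs (not taken from any real host).
BANNER_UNFIXED = "SSH-2.0-OpenSSH_6.9p1"
BANNER_FIXED = "SSH-2.0-OpenSSH_7.0"

# Exposed: keyboard-interactive on (the upstream default) and PAM available.
CONFIG_EXPOSED = """\
# sshd_config (constructed)
Port 22
UsePAM yes
ChallengeResponseAuthentication yes
MaxAuthTries 6
LoginGraceTime 2m
Subsystem sftp /usr/libexec/sftp-server
"""

# Hardened: keyboard-interactive off, tighter limits for what remains.
CONFIG_HARDENED = """\
# sshd_config (constructed)
Port 22
UsePAM yes
ChallengeResponseAuthentication no
MaxAuthTries 3
LoginGraceTime 30
Match User deploy
    PasswordAuthentication no
"""

VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")
TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_banner(banner):
    """(major, minor) from an SSH identification string, or None if not OpenSSH."""
    m = VERSION_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def parse_time(value):
    """sshd_config time format: an integer with optional s/m/h/d/w suffix."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.strip())
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * TIME_UNITS[m.group(2)]


def parse_sshd_config(text):
    """Effective global directives as lower-cased keyword -> value.

    sshd uses the first value it sees for a keyword, and every global
    directive must precede the first Match block, so parsing stops there.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # 'Key val' or 'Key=val'
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        effective.setdefault(key, value)
    return effective


def assess(banner, config_text):
    """Is the device-list attack surface offered, and is the version unfixed?"""
    version = parse_banner(banner)
    cfg = parse_sshd_config(config_text)
    # Defaults from sshd_config(5) of the 6.x era; Linux/BSD packages usually
    # ship UsePAM yes even though the upstream default is no.
    kbdint = cfg.get("challengeresponseauthentication", "yes").lower() == "yes"
    pam = cfg.get("usepam", "no").lower() == "yes"
    unfixed = version is not None and version < (7, 0)
    return {
        "version": version,
        "kbd_interactive_via_pam": kbdint and pam,
        "max_auth_tries": int(cfg.get("maxauthtries", "6")),
        "login_grace_time": parse_time(cfg.get("logingracetime", "120")),
        "exposed": unfixed and kbdint and pam,
    }


if __name__ == "__main__":
    for label, banner, cfg in (("exposed", BANNER_UNFIXED, CONFIG_EXPOSED),
                               ("hardened", BANNER_UNFIXED, CONFIG_HARDENED),
                               ("fixed", BANNER_FIXED, CONFIG_EXPOSED)):
        print(label, assess(banner, cfg))
```

The banner comparison is deliberately naive: distributions backport fixes without bumping the version (the message history below lists Ubuntu and Red Hat updates for older release trains), so treat a pre-7.0 banner as a prompt to check the package changelog rather than as proof of exposure. Stopping at the first Match line is correct for global directives, since sshd requires them to precede any Match block.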

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 29 2015 (FreeBSD Issues Fix): FreeBSD has issued a fix for FreeBSD 8.4, 9.3, and 10.1.
Aug 14 2015 (Ubuntu Issues Fix): Ubuntu has issued a fix for Ubuntu 12.04 LTS, 14.04 LTS, and 15.04.
Aug 19 2015 (F5 Networks Issues Advisory for F5 BIG-IP): F5 Networks has issued an advisory for F5 BIG-IP.
Aug 19 2015 (F5 Networks Issues Advisory for F5 Enterprise Manager): F5 Networks has issued an advisory for F5 Enterprise Manager.
Oct 17 2015 (Juniper Issues Fix for Juniper Junos): Juniper has issued a fix for Juniper Junos.
Nov 12 2015 (QNAP Systems Issues Fix for QNAP QTS): QNAP Systems has issued a fix for QNAP QTS.
Nov 20 2015 (Red Hat Issues Fix): Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Nov 24 2015 (Oracle Issues Fix for Oracle Linux): Oracle has issued a fix for Oracle Linux 7.
Mar 21 2016 (Red Hat Issues Fix): Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Mar 22 2016 (CentOS Issues Fix): CentOS has issued a fix for CentOS 6 and 7.
Mar 22 2016 (Oracle Issues Fix for Oracle Linux): Oracle has issued a fix for Oracle Linux 6.
Mar 25 2016 (IBM Issues Fix for IBM BladeCenter Advanced Management Module): IBM has issued a fix for IBM BladeCenter Advanced Management Module.
Apr 4 2016 (Oracle Issues Fix for Oracle Linux): Oracle has issued a fix for Oracle Linux 5.
Jun 3 2016 (HP Issues Fix for HPE BladeSystem): HP has issued a fix for HPE BladeSystem.
Jan 18 2017 (Juniper Issues Fix for Juniper NSM): Juniper has issued a fix for Juniper NSM3000, NSM4000, and NSMExpress.

Copyright 2019, SecurityGlobal.net LLC