SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VPN)  >   OpenSSH Vendors:   OpenSSH.org
(CentOS Issues Fix) OpenSSH 'KbdInteractiveDevices' Lets Remote Users Bypass Security Restrictions on the Target System
SecurityTracker Alert ID:  1035346
SecurityTracker URL:  http://securitytracker.com/id/1035346
CVE Reference:   CVE-2015-5600   (Links to External Site)
Date:  Mar 22 2016
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in OpenSSH. A remote user can bypass authentication attempt limits on the target system.

A remote user can request the keyboard-interactive authentication option ('KbdInteractiveDevices') to open a large number of keyboard-interactive devices on the target server and perform a brute-force password guessing attack against the target sshd service. The number of password attempts can effectively exceed the 'MaxAuthTries' limit and are permitted to occur until the 'LoginGraceTime' limit is reached or the number of keyboard-interactive devices are used.

Servers that have keyboard-interactive authentication enabled (e.g., FreeBSD in the default configuration) are affected.

A demonstration exploit command is provided:

ssh -l[username] -oKbdInteractiveDevices=`perl -e 'print "pam," x 10000'` [target]

The original advisory is available at:

https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/

kingcope reported this vulnerability.

Impact:   A remote user can bypass authentication attempt limits on the target system.
Solution:   CentOS has issued a fix.

i386:
b21827af15406e5fb1e14d7ab71f160edd0fd8ec6d59ef49a0a561d5d4b8a419 openssh-5.3p1-114.el6_7.i686.rpm
2f8adbe69f2cded0bccb7286ee55bac1ae517f4a2a5bca19914e3f6b190f2a59 openssh-askpass-5.3p1-114.el6_7.i686.rpm
83429d1efd75f100d1f8b705d082813ffef80174809b06cd67ce192344f0816e openssh-clients-5.3p1-114.el6_7.i686.rpm
80749c749e2e2172ebfa1bdd85d150ed7a54a6c9a693f2aceb5024f6ee5f7f95 openssh-ldap-5.3p1-114.el6_7.i686.rpm
84f986e02d188722130d943aa279a576f5b90125c94bd41bf1669794cac34604 openssh-server-5.3p1-114.el6_7.i686.rpm
a800afcd8667f3fcae2424ad39e4b28875324b765a355a6894fa76a148d77e56 pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm

x86_64:
077603015723d9c96bed95f4215ae642829f009b7bd4f8b5eb44c214a4cf9b23 openssh-5.3p1-114.el6_7.x86_64.rpm
af443f9daefbbb5fed105ed9a70bf59e765dca26589d7c0448e579ba8dd15e62 openssh-askpass-5.3p1-114.el6_7.x86_64.rpm
e9be7aece75e15e5cf41e509fb36e0b3e7eb3d2ca847fe100336c20fa78945f3 openssh-clients-5.3p1-114.el6_7.x86_64.rpm
77b33f82d02447a6ff11e2a790cf040d0766c7c36ca7290da7c62ed76a892765 openssh-ldap-5.3p1-114.el6_7.x86_64.rpm
9572a0632e4c9c7fd28a23f14843547629a05fff9586696e62c3617a2278818a openssh-server-5.3p1-114.el6_7.x86_64.rpm
a800afcd8667f3fcae2424ad39e4b28875324b765a355a6894fa76a148d77e56 pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm
dae8b23912f2b7a76d9b53a1d133dbb18c467e46bf7a08b3e1941a3be4a998e3 pam_ssh_agent_auth-0.9.3-114.el6_7.x86_64.rpm

Source:
1d22a68fb98d5ee4f4cc473b11a2da154568d8a8b4939b568d3094493b4c231a openssh-5.3p1-114.el6_7.src.rpm

x86_64:
7de3cbf4ec75c073b1aaecf2fae539fe6b95742a7ffd4333f9a45dbb85191130 openssh-6.6.1p1-25.el7_2.x86_64.rpm
d1a6a87820d542d51a05017a6b6f14ebe35fce7aa3cb0d9efe2a0750d548a7ef openssh-askpass-6.6.1p1-25.el7_2.x86_64.rpm
9ccca04375b3466810c7bff2fd902436871468192249fefafba8db1324ca2e48 openssh-clients-6.6.1p1-25.el7_2.x86_64.rpm
03dbf819fecec3fd39f6971b35acf2d385654f87f7e477e068875cfa85678ca2 openssh-keycat-6.6.1p1-25.el7_2.x86_64.rpm
81df6fd13ab30aedc6ef397d476a49d5f272fb569addc8a3f67370a53d6dd1cd openssh-ldap-6.6.1p1-25.el7_2.x86_64.rpm
29384ae8c514bc7fba475901e73fd502bb61d74e4e70ce64b0006bdd4fd6fc02 openssh-server-6.6.1p1-25.el7_2.x86_64.rpm
8caca16e598dfee9a3559865501a948d7c81d22950038a6d2f89e9e9ba8b5b7a openssh-server-sysvinit-6.6.1p1-25.el7_2.x86_64.rpm
fce6a61ae3a6cc1eb857ddd53a8e27e82521b0a67e09ac6a1bc3e226de5e2dc9 pam_ssh_agent_auth-0.9.3-9.25.el7_2.i686.rpm
f9705216270f97985d10275390cb32fbad3325c23bcf03db52956c6bfb45179d pam_ssh_agent_auth-0.9.3-9.25.el7_2.x86_64.rpm

Source:
2274b5597edc75fe23e6b10b8a727105ca3412906338909331f3da5f87054ff6 openssh-6.6.1p1-25.el7_2.src.rpm

Cause:   Access control error, State error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Jul 20 2015 OpenSSH 'KbdInteractiveDevices' Lets Remote Users Bypass Security Restrictions on the Target System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0466 Moderate CentOS 6 openssh Security Update


CentOS Errata and Security Advisory 2016:0466 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0466.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
b21827af15406e5fb1e14d7ab71f160edd0fd8ec6d59ef49a0a561d5d4b8a419  openssh-5.3p1-114.el6_7.i686.rpm
2f8adbe69f2cded0bccb7286ee55bac1ae517f4a2a5bca19914e3f6b190f2a59  openssh-askpass-5.3p1-114.el6_7.i686.rpm
83429d1efd75f100d1f8b705d082813ffef80174809b06cd67ce192344f0816e  openssh-clients-5.3p1-114.el6_7.i686.rpm
80749c749e2e2172ebfa1bdd85d150ed7a54a6c9a693f2aceb5024f6ee5f7f95  openssh-ldap-5.3p1-114.el6_7.i686.rpm
84f986e02d188722130d943aa279a576f5b90125c94bd41bf1669794cac34604  openssh-server-5.3p1-114.el6_7.i686.rpm
a800afcd8667f3fcae2424ad39e4b28875324b765a355a6894fa76a148d77e56  pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm

x86_64:
077603015723d9c96bed95f4215ae642829f009b7bd4f8b5eb44c214a4cf9b23  openssh-5.3p1-114.el6_7.x86_64.rpm
af443f9daefbbb5fed105ed9a70bf59e765dca26589d7c0448e579ba8dd15e62  openssh-askpass-5.3p1-114.el6_7.x86_64.rpm
e9be7aece75e15e5cf41e509fb36e0b3e7eb3d2ca847fe100336c20fa78945f3  openssh-clients-5.3p1-114.el6_7.x86_64.rpm
77b33f82d02447a6ff11e2a790cf040d0766c7c36ca7290da7c62ed76a892765  openssh-ldap-5.3p1-114.el6_7.x86_64.rpm
9572a0632e4c9c7fd28a23f14843547629a05fff9586696e62c3617a2278818a  openssh-server-5.3p1-114.el6_7.x86_64.rpm
a800afcd8667f3fcae2424ad39e4b28875324b765a355a6894fa76a148d77e56  pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm
dae8b23912f2b7a76d9b53a1d133dbb18c467e46bf7a08b3e1941a3be4a998e3  pam_ssh_agent_auth-0.9.3-114.el6_7.x86_64.rpm

Source:
1d22a68fb98d5ee4f4cc473b11a2da154568d8a8b4939b568d3094493b4c231a  openssh-5.3p1-114.el6_7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC