Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.2693
openssh security update
11 September 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openssh
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Increased Privileges -- Existing Account
Access Privileged Data -- Existing Account
Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Existing Account
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2017-15906 CVE-2016-10708 CVE-2016-10012
CVE-2016-10011 CVE-2016-10009 CVE-2016-6515
CVE-2016-3115 CVE-2016-1908 CVE-2015-6564
CVE-2015-6563 CVE-2015-5600 CVE-2015-5352
Reference: ESB-2018.0230
ASB-2016.0048
ASB-2015.0090
ESB-2015.1814
ESB-2015.1975.2
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
- --------------------------BEGIN INCLUDED TEXT--------------------
Package : openssh
Version : 1:6.7p1-5+deb8u6
CVE ID : CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564
CVE-2016-1908 CVE-2016-3115 CVE-2016-6515 CVE-2016-10009
CVE-2016-10011 CVE-2016-10012 CVE-2016-10708
CVE-2017-15906
Debian Bug : 790798 793616 795711 848716 848717
Several vulnerabilities have been found in OpenSSH, a free implementation
of the SSH protocol suite:
CVE-2015-5352
OpenSSH incorrectly verified time window deadlines for X connections.
Remote attackers could take advantage of this flaw to bypass intended
access restrictions. Reported by Jann Horn.
CVE-2015-5600
OpenSSH improperly restricted the processing of keyboard-interactive
devices within a single connection, which could allow remote attackers
to perform brute-force attacks or cause a denial of service, in a
non-default configuration.
CVE-2015-6563
OpenSSH incorrectly handled usernames during PAM authentication. In
conjunction with an additional flaw in the OpenSSH unprivileged child
process, remote attackers could make use if this issue to perform user
impersonation. Discovered by Moritz Jodeit.
CVE-2015-6564
Moritz Jodeit discovered a use-after-free flaw in PAM support in
OpenSSH, that could be used by remote attackers to bypass
authentication or possibly execute arbitrary code.
CVE-2016-1908
OpenSSH mishandled untrusted X11 forwarding when the X server disables
the SECURITY extension. Untrusted connections could obtain trusted X11
forwarding privileges. Reported by Thomas Hoger.
CVE-2016-3115
OpenSSH improperly handled X11 forwarding data related to
authentication credentials. Remote authenticated users could make use
of this flaw to bypass intended shell-command restrictions. Identified
by github.com/tintinweb.
CVE-2016-6515
OpenSSH did not limit password lengths for password authentication.
Remote attackers could make use of this flaw to cause a denial of
service via long strings.
CVE-2016-10009
Jann Horn discovered an untrusted search path vulnerability in
ssh-agent allowing remote attackers to execute arbitrary local
PKCS#11 modules by leveraging control over a forwarded agent-socket.
CVE-2016-10011
Jann Horn discovered that OpenSSH did not properly consider the
effects of realloc on buffer contents. This may allow local users to
obtain sensitive private-key information by leveraging access to a
privilege-separated child process.
CVE-2016-10012
Guido Vranken discovered that the OpenSSH shared memory manager
did not ensure that a bounds check was enforced by all compilers,
which could allow local users to gain privileges by leveraging access
to a sandboxed privilege-separation process.
CVE-2016-10708
NULL pointer dereference and daemon crash via an out-of-sequence
NEWKEYS message.
CVE-2017-15906
Michal Zalewski reported that OpenSSH improperly prevent write
operations in readonly mode, allowing attackers to create zero-length
files.
For Debian 8 "Jessie", these problems have been fixed in version
1:6.7p1-5+deb8u6.
We recommend that you upgrade your openssh packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW5dJ82aOgq3Tt24GAQitYg/+MDr6CxOf5yRc7Dfq8mHZSyaXq56j3Ggo
ZyM6aTYGtXuO0g4xKQXJVyjxi/N1D4jO7+0Z9NPMoRIrVjSrsuWoyQfwfb1BiPgl
hO3h2PHVDyriTTbt2B7Ib1RJ2HcnrLblPL8LoEFGzkmyRKy+sELqUiwLlfV5/6uh
GkZToayZoI+RMH7Cq3UNu6kwYJPvNpyWa18JuciU3EHb7sTlVpGw9M6V1S/rh/eh
E5mjECzJvw758hSwPSpc0aSrFbL4MZaXv0YtjxA2ed/593pxPN1VOj4ZcWw2Kl2m
58iE+ObPqp6gP7O3MbRrezzNnPlP9lc+TplE9pRiHVNQAr7zPE3koVw3NxICGLWm
BezDjwGd8C+eBaAxPk44yqZaSSU5467k14iO+Ceu+p/eUuQ1olLKTP78JLd1wrCI
lHCsO8jVpDOalz/1mxhiKite3CfcMTYswFOaSwL5M8aTLFz7+Z5jhO5C4CNiFOgn
W2+LRqu5zpiqCriVGmSDIOTtg5zFpcI2y6wLfgdy0WGt2t4Ux2STUmkJxQWxvp9O
hnaVSgZh0Cobu4k4r/g8sO8Wl3bARmTSI4+ywfPYHz/MABtYLMQ4uOaZvAwk4Gcz
stvxJshUKMBTEGOKix0btA1xESC4nTwMWib/E65i/oNLJycIJEvWfIBb8E2z36EI
/5L35qxXlT0=
=Sho2
-----END PGP SIGNATURE-----