漏洞类别:General remote services
漏洞等级: 
漏洞信息
Multiple Vulnerabilities have been reported in OpenSSH.
- The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection. (CVE-2015-5600)
- The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests. (CVE-2015-6563)
- Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges. (CVE-2015-6564)
QID Detection Logic (Unauthenticated):
This unauthenticated detection works by reviewing the version of the OpenSSH service.
漏洞危害
Remote attackers could conduct brute-force attacks or cause a denial of service (CPU consumption).
解决方案
OpenSSH 7.0 has been released to address this issue.
Update to the latest supported version of OpenSSH.
Check the OpenSSH 7.0 for further information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论