CVE-2016-6515 - OpenCVE

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Openbsd	Openssh
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

References

Link	Resource
http://openwall.com/lists/oss-security/2016/08/01/2	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/92212
http://www.securitytracker.com/id/1036487
https://access.redhat.com/errata/RHSA-2017:2029
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97	Issue Tracking Patch
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc
https://security.netapp.com/advisory/ntap-20171130-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us
https://www.exploit-db.com/exploits/40888/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-08-07T00:00:00

Updated: 2022-12-13T00:00:00

Reserved: 2016-08-01T00:00:00

Link: CVE-2016-6515

JSON object: View

NVD Information

Status : Modified

Published: 2016-08-07T21:59:09.943

Modified: 2023-11-07T02:34:03.377

Link: CVE-2016-6515

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2016-6515", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2022-12-13T00:00:00", "dateReserved": "2016-08-01T00:00:00", "datePublished": "2016-08-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us"}, {"url": "https://security.netapp.com/advisory/ntap-20171130-0003/"}, {"url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"}, {"url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"}, {"name": "40888", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/40888/"}, {"name": "92212", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/92212"}, {"name": "FreeBSD-SA-17:06", "tags": ["vendor-advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "1036487", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1036487"}, {"name": "FEDORA-2016-4a3debc3a6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"}, {"name": "RHSA-2017:2029", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2029"}, {"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released", "tags": ["mailing-list"], "url": "http://openwall.com/lists/oss-security/2016/08/01/2"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2016-08-01T00:00:00"}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*", "matchCriteriaId": "4AFA4267-E15B-4826-9B98-63F68AB1627F", "versionEndIncluding": "7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string."}, {"lang": "es", "value": "La funci\u00f3n auth_password en auth-passwd.c en sshd en OpenSSH en versiones anteriores a 7.3 no limita longitudes de contrase\u00f1a para autenticaci\u00f3n de contrase\u00f1a, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU clave) a trav\u00e9s de una cadena larga."}], "id": "CVE-2016-6515", "lastModified": "2023-11-07T02:34:03.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-07T21:59:09.943", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://openwall.com/lists/oss-security/2016/08/01/2"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92212"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036487"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:2029"}, {"source": "cve@mitre.org", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "cve@mitre.org", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"}, {"source": "cve@mitre.org", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20171130-0003/"}, {"source": "cve@mitre.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/40888/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}