Univention Bugzilla – Bug 39436
openssh: multiple issues (4.0)
Last modified: 2015-11-04 17:24:49 CET
The following vulnerability has been found in openssh:

* The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. (CVE-2015-5600)

This flaw only affects OpenSSH configurations that have the 'KbdInteractiveAuthentication' configuration option set to 'yes'. By default, this option has the same value as the 'ChallengeResponseAuthentication' option. By default, UCS has the 'ChallengeResponseAuthentication' option set to 'yes', via UCR sshd/challengeresponse. Debian itself is not affected due to its default configuration.
There is a patched package in squeeze-lts (see Bug #39437) and in stretch, so I guess one of those might also apply to wheezy. Those patches also fix

* CVE-2015-5352: Reject X11 connections after hard-coded Xauth cookie expiration time of 1200 seconds.
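The comment above states the rule that decides exposure to CVE-2015-5600 on a given host: sshd honours KbdInteractiveAuthentication, which defaults to the value of ChallengeResponseAuthentication, which in turn defaults to yes. The script below is an added example, not part of the bug report or of the UCS packages; it reads an sshd_config from stdin, applies that inheritance rule to the global section and prints the effective value, so an administrator can check whether a host needs the errata package before it is installed. It assumes sshd's first-occurrence-wins handling of repeated keywords and ignores Match blocks; the sample config is constructed.

```shell
#!/bin/sh
# effective_kbdint: read an sshd_config on stdin, print the effective
# KbdInteractiveAuthentication value ("yes" or "no") of the global section.
# Rule from the bug report: KbdInteractiveAuthentication defaults to
# ChallengeResponseAuthentication, which defaults to "yes".
# Assumption: as in sshd, the first occurrence of a keyword wins.
effective_kbdint() {
    kbd=""
    cra=""
    set -f   # no globbing while splitting config lines into words
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # drop comments
        line=$(printf '%s' "$line" | tr '=' ' ')      # allow "Key=value"
        set -- $line                                  # split into words
        [ $# -ge 1 ] || continue                      # skip blank lines
        key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')      # keywords are case-insensitive
        val=$(printf '%s' "${2:-}" | tr 'A-Z' 'a-z')
        case "$key" in
            match) break ;;   # only the global section is evaluated here
            kbdinteractiveauthentication)    [ -n "$kbd" ] || kbd="$val" ;;
            challengeresponseauthentication) [ -n "$cra" ] || cra="$val" ;;
        esac
    done
    set +f
    if   [ -n "$kbd" ]; then printf '%s\n' "$kbd"
    elif [ -n "$cra" ]; then printf '%s\n' "$cra"
    else printf 'yes\n'                               # sshd's built-in default
    fi
}

# Constructed sample resembling the UCS 4.0 default (sshd/challengeresponse=yes):
# the explicit "yes" makes keyboard-interactive authentication available.
ucs_sample_config() {
    printf '%s\n' \
        '# generated from UCR' \
        'Port 22' \
        'ChallengeResponseAuthentication yes' \
        'UsePAM yes'
}

# Report "exposed" when keyboard-interactive auth is effectively enabled.
exposure_from_config() {
    if [ "$(effective_kbdint)" = "yes" ]; then echo exposed; else echo not-exposed; fi
}

# Usage: ucs_sample_config | exposure_from_config   (or: exposure_from_config < /etc/ssh/sshd_config)
```

A host that prints "exposed" still needs the errata package even if CVE-2015-5600 is not considered relevant upstream for Debian's defaults, because the UCS default differs.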
r15383: CVE-2015-5352 was deemed minor in Debian: <https://security-tracker.debian.org/tracker/CVE-2015-5352>, backported <https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d>
CVE-2015-5600 does not apply to Debian <https://security-tracker.debian.org/tracker/CVE-2015-5600>, forward-ported from Squeeze-LTS

$ repo_admin.py --cherrypick -r 4.0 --releasedest 4.0 --dest errata4.0-2 -p openssh
$ repo_admin.py --cherrypick -r 4.0 -s errata4.0-2 --releasedest 4.0 --dest errata4.0-3 -p openssh

Package: openssh
Version: 1:6.0p1-4.51.201510261316
Branch: ucs_4.0-0
Scope: errata4.0-3

r64851 | Bug #39436: OpenSSH errata4.0-3 YAML 2015-10-26-openssh.yaml
Advisory: OK
Tests (i386): OK
<http://errata.software-univention.de/ucs/4.0/358.html>