Univention Bugzilla – Bug 39437
openssh: multiple issues (3.2)
Last modified: 2015-11-19 13:30:33 CET
+++ This bug was initially created as a clone of Bug #39436 +++

The following vulnerability has been found in openssh:

* The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. (CVE-2015-5600)

This flaw only affects OpenSSH configurations that have the 'KbdInteractiveAuthentication' configuration option set to 'yes'. By default, this option has the same value as the 'ChallengeResponseAuthentication' option.

By default, UCS has the 'ChallengeResponseAuthentication' option set to 'yes', via UCR sshd/challengeresponse. Debian itself is not affected due to its default configuration.
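The precondition described above (KbdInteractiveAuthentication inheriting ChallengeResponseAuthentication, which itself defaults to yes) can be checked against an sshd_config before patching. This is an added example, not part of the bug report or of UCS; the two sample configs are constructed, the default values follow sshd_config(5), and Match blocks are deliberately not evaluated.

```python
"""Decide whether an sshd_config leaves keyboard-interactive auth enabled.

Rules applied (from sshd_config(5), OpenSSH 5.x/6.x):
  - ChallengeResponseAuthentication defaults to 'yes'
  - KbdInteractiveAuthentication defaults to ChallengeResponseAuthentication
  - the first occurrence of a keyword wins; later duplicates are ignored
  - 'Match' ends the global section; conditional blocks are not evaluated here
"""
import re


def parse_global_options(config_text):
    """Return {keyword_lower: value_lower} for the global section of sshd_config."""
    options = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # sshd only treats a leading '#' as a comment
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # everything below is conditional; global defaults are settled
            break
        if len(parts) == 2 and key not in options:  # first occurrence wins
            options[key] = parts[1].strip().lower()
    return options


def kbd_interactive_enabled(config_text):
    """True when sshd would accept keyboard-interactive authentication."""
    opts = parse_global_options(config_text)
    challenge = opts.get("challengeresponseauthentication", "yes")
    kbdint = opts.get("kbdinteractiveauthentication", challenge)
    return kbdint == "yes"


# Constructed sample configs (not copied from any real host):
# UCS-like: UCR sshd/challengeresponse renders the option as 'yes'.
UCS_LIKE_CONFIG = """\
# Univention sshd configuration (constructed sample)
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
"""

# Debian-like default: challenge-response explicitly off, so kbdint is off too.
DEBIAN_LIKE_CONFIG = """\
ChallengeResponseAuthentication no
UsePAM yes
"""

if __name__ == "__main__":
    for name, cfg in (("UCS-like", UCS_LIKE_CONFIG), ("Debian-like", DEBIAN_LIKE_CONFIG)):
        state = "ENABLED" if kbd_interactive_enabled(cfg) else "disabled"
        print(f"{name}: keyboard-interactive {state}")
```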
Actually there has been an update for squeeze-lts: 1:5.5p1-6+squeeze6

* CVE-2015-5352: Reject X11 connections after hard-coded Xauth cookie expiration time of 1200 seconds. (Closes: #790798).
* CVE-2015-5600: Only query each keyboard-interactive device once per authentication request regardless of how many times it is listed. (Closes: #793616).
$ repo_admin.py -U -p openssh -d squeeze-lts -r 3.2-0-0 -s errata3.2-7

r15381 + r15382
Package: openssh
Version: 1:5.5p1-6.49.201510261154
Branch: ucs_3.2-0
Scope: errata3.2-7

r64846 | Bug #39437: OpenSSH errata3.2-7 YAML
r64845 | Bug #39437: OpenSSH errata3.2-7 YAML

2015-10-26-openssh.yaml
OK: DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-client openssh-server
OK: /usr/share/doc/openssh-server/changelog.Debian.gz
OK: 2015-10-26-openssh.yaml
OK: Test: ssh localhost; ssh to-other-host; ssh from-other-host
<http://errata.software-univention.de/ucs/3.2/379.html>