- Status Closed
- Percent Complete
- Task Type Security Issue
- Category Any
-
Assigned To
Emulatorman - Operating System All
- Severity Critical
- Priority Very High
- Reported Version Any
- Due in Version Starfix
-
Due Date
Undecided
- Votes
- Private
Attached to Project: Packages
Opened by bugmen0t - 22/08/2018
Last edited by Emulatorman - 28/08/2018
Opened by bugmen0t - 22/08/2018
Last edited by Emulatorman - 28/08/2018
FS#1142 - [openssh] CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
https://security-tracker.debian.org/tracker/CVE-2018-15473
Patch: https://salsa.debian.org/ssh-team/openssh/commit/4641c58a3279f6b118f9562babaa0ee050a38619
Technical analysis: https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task