7.8

CVE-2016-8858

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests.  NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenssh Version6.8
OpenbsdOpenssh Version6.9
OpenbsdOpenssh Version7.0
OpenbsdOpenssh Version7.1
OpenbsdOpenssh Version7.2
OpenbsdOpenssh Version7.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 29.46% 0.979
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://security.gentoo.org/glsa/201612-18
Third Party Advisory
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126&r2=1.127&f=h
Vendor Advisory
Issue Tracking
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup
Vendor Advisory
Issue Tracking
http://www.openwall.com/lists/oss-security/2016/10/19/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/10/20/1
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/93776
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037057
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1384860
Issue Tracking
https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig
Patch
Vendor Advisory
https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad
Patch
Third Party Advisory
Issue Tracking
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180201-0001/
Third Party Advisory