Vulnerability CVE-2018-15473: Information

Description

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Published: Aug. 17, 2018
Modified: Feb. 24, 2023
Error type identifier: CWE-362

References to Advisories, Solutions, and Tools

Hyperlink | Resource
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
  • Patch
https://bugs.debian.org/906236
  • Issue Tracking
  • Mailing List
  • Patch
  • Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/08/15/5
  • Mailing List
  • Patch
  • Third Party Advisory
1041487
  • Broken Link
  • Patch
  • Third Party Advisory
  • VDB Entry
[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update
  • Mailing List
  • Third Party Advisory
45233
  • Exploit
  • Third Party Advisory
  • VDB Entry
45210
  • Exploit
  • Third Party Advisory
  • VDB Entry
DSA-4280
  • Third Party Advisory
105140
  • Broken Link
  • Third Party Advisory
  • VDB Entry
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
  • Third Party Advisory
GLSA-201810-03
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20181101-0001/
  • Third Party Advisory
USN-3809-1
  • Third Party Advisory
45939
  • Exploit
  • Third Party Advisory
  • VDB Entry
RHSA-2019:0711
  • Third Party Advisory
RHSA-2019:2143
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html
  • Patch
  • Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
  • Patch
  • Third Party Advisory
      Configuration 1

      cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
      End including
      7.7

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

      Configuration 5

      cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

      Configuration 6

      cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

      cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

      cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*

      cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

      cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

      cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*

      cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

      cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:*

      cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*

      cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
      Start including
      9.4

      cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*
      Start including
      7.2

      Configuration 7

      cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

      Configuration 8

      cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:vsphere:*:*

      Running on/with:
      cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

      Configuration 9

      cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*

      Configuration 10

      cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*