Threat Reference:
The OpenSSH OPIE for PAM vulnerability was posted to
[
Full Disclosure: Re: OpenSSH - System Account Enumeration if S/Key is used] OPIE for PAM vulnerability in OpenSSH.
The OpenSSH process_open function vulnerability was posted to
[
https://www.openssh.com/txt/release-7.6] OpenSSH release 7.6.
The OpenSSH - Authentication Attempt Processing vulnerability was posted to
[
OpenSSH Authentication Attempt Processing Lets Remote Users Determine Valid Usernames on the Target System - SecurityTracker] Alert ID=1041487.
For more information on the SCP client multiple vulnerabilities, see
[
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt] SCP client multiple vulnerabilities.
The multiple vulnerabilities fixed in version 7.5 was posted to
[
http://www.openssh.com/txt/release-7.5] OpenSSH 7.5 release announcement.
Problem:
OpenSSH - User Account Enumeration if OPIE for PAM is used
01/29/18
CVE 2007-2768
OpenSSH version prior to 4.6, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP).
OpenSSH process_open function vulnerability
01/23/18
CVE 2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
OpenSSH - Authentication Attempt Processing vulnerability
08/16/18
CVE 2018-15473
OpenSSH version prior to 7.7 is affected by an authentication Attempt Processing which could let remote users determine valid usernames on the target system. SCP client multiple vulnerabilities
01/14/19
CVE 2018-20685
CVE 2019-6109
CVE 2019-6110
CVE 2019-6111
OpenSSH through 7.9 are susceptible to a malicious SCP server performing unauthorized changes to target directory and/or client output manipulation:
SCP client improper directory name validation.
SCP client missing received object name validation.
SCP client spoofing via object name.
SCP client spoofing via stderr.
Multiple vulnerabilities fixed in version 7.5
03/22/17
OpenSSH 7.5 fixed multiple vulnerabilities, including
a path-traversal attack vulnerability in sftp-client on Cygwin to create or modify files outside of the intended target directory and to conduct padding oracle attacks against CBC mode encryption, which may eventually lead to decrypt messages in certain cases.
Impact:
This document describes some vulnerabilities in the OpenSSH cryptographic login program. Outdated versions of OpenSSH may allow a malicious user to log in as another user, to insert arbitrary commands into a session, to gain remote root access to the OpenSSH server, or to elevate privileges.
Resolution:
Upgrade to [
OpenSSH] OpenSSH version higher than 7.9, or install a fix from your operating system vendor.
----------------------------------------
