SSH CVE-2016-8858

rfcabal · Sep 4, 2017

Hi guys

I have a question, recently one of our clients is worry about CVE-2016-8858 which affect ssh version 6.6p1.

I have run this command

Code:

rpm -q --changelog openssh | grep CVE-2016-8858

and nothing comes out.

does it mean my actual version of ssh it is not affected by this vulnerability?

my version is openssh-server-6.6.1p1-35.el7_3.x86_64

Regards

cPanelMichael · Sep 6, 2017

Hello,

This CVE is documented at:

CVE-2016-8858 - Red Hat Customer Portal

Per this page:

The Red Hat Product Security Team does not consider this issue to be a security flaw, for more information please refer to Bug 1384860 – CVE-2016-8858 openssh: Memory exhaustion due to unregistered KEXINIT handler after receiving message

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
T	cpHulk security warning on deactived sshd service.	Security	2	Jan 11, 2023
	SSH - Accessing sent publickey gssapi-keyex gssapi-with-mic	Security	1	Jan 2, 2023
G	Unable to connect to a cPanel server via SSH	Security	5	Nov 1, 2022
V	openssh privileged escalation vuln	Security	3	Aug 28, 2022
L	how to access whm files using ssh rescue mode	Security	1	Apr 30, 2022

Search

Search

SSH CVE-2016-8858

rfcabal

Member

cPanelMichael

Administrator