Fluid Attacks Database

Description

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	openssh	>=0 <1:7.3p1-1	1:7.3p1-1
alpine v3.3	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| >=0 <7.2_p2-r2	7.2_p2-r2
alpine v3.4	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| >=0 <7.2_p2-r2	7.2_p2-r2
debian 12	openssh	>=0 <1:7.3p1-1	1:7.3p1-1
debian 14	openssh	>=0 <1:7.3p1-1	1:7.3p1-1
alpine v3.2	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.8_p1-r3 \|\| =6.8_p1-r4 \|\| =6.8_p1-r5 \|\| =6.8_p1-r6 \|\| =6.8_p1-r7 \|\| >=0 <6.8_p1-r8	6.8_p1-r8
debian 11	openssh	>=0 <1:7.3p1-1	1:7.3p1-1
rpm rhel6	openssh	-	-
rpm rhel7	openssh	<0:7.4p1-11.el7	0:7.4p1-11.el7
rpm rhel5	openssh	-	-

Aliases

1. CVE-2016-65152. NVD-2016-65153. OSV-DEBIAN-2016-65154. OSV-2016-65155. OSV-ALPINE-2016-65156. SECURITY-TRACKER-CVE-2016-65157. SECURITY-CVE-2016-6515

References

1. https://github.com/opsxcq/exploit-CVE-2016-6515

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.