hackerone | Ibrahim71192 | H1:1726445
History: Oct 07, 2022 - 6:50 p.m.

Nextcloud: A vulnerability classified as critical has been found in gsi-openssh-server 7.9p1 on Fedora (Connectivity Software) on server (http://95.217.64.181:22


EPSS: 0.002 (percentile: 61.0%)

Summary:

" hello "
vulnerability:
GSI-OPENSSH-SERVER 7.9P1 ON FEDORA /ETC/GSISSH/SSHD_CONFIG CREDENTIALS MANAGEMENT
Description of problem:
A vulnerability classified as critical has been found in gsi-openssh-server 7.9p1 on Fedora (Connectivity Software) on server (http://95.217.64.181:22). This affects some unknown functionality of the file /etc/gsissh/sshd_config. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-255. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.
The bug was discovered 02/08/2019. The weakness was released 02/08/2019. This vulnerability is uniquely identified as CVE-2019-7639 since 02/08/2019. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1552 according to MITRE ATT&CK.

If PermitPAMUserChange is set to yes in the sshd_config for gsi-openssh-server, anyone can log in to the system as an existing user even if they provide an incorrect password.

Version-Release number of selected component (if applicable): 7.9p1

How reproducible:
Always

Steps to Reproduce:

  1. Install gsi-openssh-server
  2. Initialize rsa, ecdsa, ed25519 keys for gsi-openssh server using gsissh-keygen
  3. Set PermitPAMUserChange to yes in /etc/gsissh/sshd_config
  4. Run /usr/sbin/gsisshd
  5. Try to connect to the system using Putty with user “root” and some incorrect password like “test1234” (The actual password for root on the test system was root1234)

Actual results:
User gets logged in even though there is a failure entry in /var/log/messages for user authentication

Expected results:
User should not be able to log in unless they provide the correct password

Additional info:
It's possible that earlier versions might also be vulnerable.

https://nvd.nist.gov/vuln/detail/CVE-2019-7639

Impact

This is going to have an impact on confidentiality, integrity, and availability
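
A configuration check for the setting described in this report, added here as an example and not part of the original report or of the gsi-openssh project: it flags every active PermitPAMUserChange yes line in a gsisshd configuration file. The function names are hypothetical, and the parsing assumes stock OpenSSH sshd_config syntax.

```shell
#!/bin/sh
# Added example (not from the report): flag active PermitPAMUserChange lines
# in a gsisshd configuration file.
# Assumptions: sshd_config syntax as in stock OpenSSH (case-insensitive
# keywords, "Keyword value" or "Keyword=value", "#" starts a comment).
# Match blocks are not evaluated: any active "yes" line is reported.

# Print "<line number>:<value>" for every active PermitPAMUserChange line.
pam_user_change_lines() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }      # drop indentation
        line == "" || line ~ /^#/ { next }           # blank line or comment
        {
            sub(/[ \t]*=[ \t]*/, " ", line)          # Key=value -> Key value
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && tolower(f[1]) == "permitpamuserchange") {
                v = tolower(f[2])
                gsub(/["\r]/, "", v)                 # strip quotes and CR
                print NR ":" v
            }
        }
    ' "$1"
}

# Exit status: 0 = no active "yes", 1 = at least one "yes", 2 = unreadable.
audit_gsissh_config() {
    cfg=${1:-/etc/gsissh/sshd_config}   # default path is the one in the report
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    hits=$(pam_user_change_lines "$cfg")
    if printf '%s\n' "$hits" | grep -q ':yes$'; then
        echo "FAIL $cfg: PermitPAMUserChange yes at line(s):" \
             "$(printf '%s\n' "$hits" | sed -n 's/:yes$//p' | tr '\n' ' ')"
        return 1
    fi
    echo "OK $cfg: no active PermitPAMUserChange yes"
    return 0
}
```

Source the file and call audit_gsissh_config with an optional path; a file that never sets the keyword passes, so the daemon's compiled-in default still has to be confirmed separately.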
