IBM MQ Appliance has addressed vulnerabilities in OpenSSH.
CVEID: CVE-2016-10009 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the loading of a specially crafted PKCS#11 module across a forwarded agent channel. An attacker could exploit this vulnerability to write files or execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119828 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-6515 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for password authentication by the auth_password function. A remote attacker could exploit this vulnerability using an overly long string to consume all available CPU resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115911 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-6210 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by the increased amount of time it takes to calculate SHA256/SHA512 hash rather than BLOWFISH hash. An attacker could exploit this vulnerability using a covert timing channel to enumerate users on a system that runs SSHD.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115128 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
IBM MQ Appliance 8.0
Maintenance levels 8.0.0.0 - 8.0.0.8
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
Continuous delivery updates 9.0.1 - 9.0.4
IBM MQ Appliance 8.0
Apply fixpack 8.0.0.9
IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release
CPE | Name | Operator | Version |
---|---|---|---|
ibm mq appliance | eq | 9.0.4 | |
ibm mq appliance | eq | 9.0.3 | |
ibm mq appliance | eq | 9.0.2 | |
ibm mq appliance | eq | 9.0.1 | |
ibm mq appliance | eq | 8.0 |