Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2016-2281-1.NASL
HistorySep 13, 2016 - 12:00 a.m.

SUSE SLES11 Security Update : openssh (SUSE-SU-2016:2281-1)

2016-09-1300:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.107 Low

EPSS

Percentile

95.1%

JSON

This update for openssh fixes the following issues :

  • CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363) [-prevent_timing_user_enumeration]

  • Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902)

  • CVE-2016-6515: Limiting the accepted password length to prevent possible DoS (bsc#992533) Bug fixes :

  • avoid complaining about unset DISPLAY variable (bsc#981654)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:2281-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(93456);
  script_version("2.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-6210", "CVE-2016-6515");

  script_name(english:"SUSE SLES11 Security Update : openssh (SUSE-SU-2016:2281-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for openssh fixes the following issues :

  - CVE-2016-6210: Prevent user enumeration through the
    timing of password processing (bsc#989363)
    [-prevent_timing_user_enumeration]

  - Allow lowering the DH groups parameter limit in server
    as well as when GSSAPI key exchange is used (bsc#948902)

  - CVE-2016-6515: Limiting the accepted password length to
    prevent possible DoS (bsc#992533) Bug fixes :

  - avoid complaining about unset DISPLAY variable
    (bsc#981654)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=948902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=981654"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989363"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=992533"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-6210/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-6515/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20162281-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0734afbd"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-openssh-12736=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-openssh-12736=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh-fips");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh-helpers");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"4", reference:"openssh-6.6p1-28.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"openssh-askpass-gnome-6.6p1-28.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"openssh-fips-6.6p1-28.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"openssh-helpers-6.6p1-28.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh");
}
VendorProductVersionCPE
novellsuse_linuxopensshp-cpe:/a:novell:suse_linux:openssh
novellsuse_linuxopenssh-askpass-gnomep-cpe:/a:novell:suse_linux:openssh-askpass-gnome
novellsuse_linuxopenssh-fipsp-cpe:/a:novell:suse_linux:openssh-fips
novellsuse_linuxopenssh-helpersp-cpe:/a:novell:suse_linux:openssh-helpers
novellsuse_linux11cpe:/o:novell:suse_linux:11

Related

ibm 24
cloudfoundry 1
nessus 38
openvas 24
ubuntu 1
aix 1
symantec 1
mageia 1
amazon 1
freebsd_advisory 1
f5 3
nvd 2
centos 2
veracode 1
packetstorm 3
prion 2
fedora 2
cve 2
archlinux 1
osv 6
redhatcve 2
debiancve 2
cvelist 2
oraclelinux 3
alpinelinux 2
debian 5
exploitpack 3
redhat 2
hackerone 1
zdt 3
freebsd 2
ubuntucve 2
paloalto 1
checkpoint_advisories 2
exploitdb 3
slackware 1
altlinux 3
gentoo 1
rosalinux 1
ics 1
oracle 1
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840
2018-06-18 00:51:30
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900
2023-02-18 01:45:50
Security Bulletin: Multiple vulnerabilities in OpenSSH affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
2023-03-29 01:48:02
cloudfoundry
cloudfoundry
USN-3061-1 OpenSSH vulnerability | Cloud Foundry
2016-08-25 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2016:2280-1)
2016-09-13 00:00:00
openSUSE Security Update : openssh (openSUSE-2016-1096)
2016-09-20 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : OpenSSH vulnerabilities (USN-3061-1)
2016-08-16 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2281-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2280-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-3061-1)
2016-08-16 00:00:00
ubuntu
ubuntu
OpenSSH vulnerabilities
2016-08-15 00:00:00
aix
aix
AIX OpenSSH Vulnerability
2016-09-08 14:36:37
symantec
symantec
SA136 : OpenSSH Vulnerabilities
2016-12-13 08:00:00
mageia
mageia
Updated openssh packages fix security vulnerability
2016-08-31 18:32:33
amazon
amazon
Medium: openssh
2017-10-03 11:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-17:06.openssh
2017-08-10 00:00:00
f5
f5
SOL31510510 - OpenSSH vulnerability CVE-2016-6515
2016-10-19 00:00:00
K14845276 : OpenSSH vulnerability CVE-2016-6210
2016-12-23 00:00:00
K31510510 : OpenSSH vulnerability CVE-2016-6515
2016-10-19 00:00:00
nvd
nvd
CVE-2016-6210
2017-02-13 17:59:00
CVE-2016-6515
2016-08-07 21:59:09
centos
centos
openssh, pam_ssh_agent_auth security update
2017-08-31 18:50:28
openssh, pam_ssh_agent_auth security update
2017-08-24 01:40:16
veracode
veracode
Information Disclosure
2019-01-15 09:20:13
packetstorm
packetstorm
OpenSSHD 7.2p2 User Enumeration
2016-07-18 00:00:00
OpenSSHD 7.2p2 User Enumeration
2016-07-21 00:00:00
OpenSSH 7.2 Denial Of Service
2016-12-08 00:00:00
prion
prion
Design/Logic Flaw
2017-02-13 17:59:00
Authentication flaw
2016-08-07 21:59:00
fedora
fedora
[SECURITY] Fedora 24 Update: openssh-7.2p2-10.fc24
2016-07-20 17:50:40
[SECURITY] Fedora 24 Update: openssh-7.2p2-12.fc24
2016-08-10 07:24:41
cve
cve
CVE-2016-6210
2017-02-13 17:59:00
CVE-2016-6515
2016-08-07 21:59:09
archlinux
archlinux
openssh: information leakage
2016-08-02 00:00:00
osv
osv
openssh - security update
2016-07-30 00:00:00
CVE-2016-6515
2016-08-07 21:59:00
CVE-2016-6210
2017-02-13 17:59:00
redhatcve
redhatcve
CVE-2016-6210
2016-07-18 09:18:22
CVE-2016-6515
2016-08-08 09:19:32
debiancve
debiancve
CVE-2016-6210
2017-02-13 17:59:00
CVE-2016-6515
2016-08-07 21:59:09
cvelist
cvelist
CVE-2016-6210
2017-02-13 00:00:00
CVE-2016-6515
2016-08-07 00:00:00
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2017-08-07 00:00:00
openssh security update
2017-08-31 00:00:00
openssh security update
2023-08-11 00:00:00
alpinelinux
alpinelinux
CVE-2016-6515
2016-08-07 21:59:09
CVE-2016-6210
2017-02-13 17:59:00
debian
debian
[SECURITY] [DLA 594-1] openssh security update
2016-08-12 21:55:19
[SECURITY] [DLA 578-1] openssh security update
2016-07-30 21:40:46
[SECURITY] [DSA 3626-1] openssh security update
2016-07-24 09:19:18
exploitpack
exploitpack
OpenSSH 7.2 - Denial of Service
2016-12-07 00:00:00
OpenSSHd 7.2p2 - Username Enumeration
2016-07-18 00:00:00
OpenSSH 7.2p2 - Username Enumeration
2016-07-20 00:00:00
redhat
redhat
(RHSA-2017:2563) Moderate: openssh security update
2017-08-31 13:09:34
(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update
2017-08-01 05:57:17
hackerone
hackerone
Nextcloud: Password authentication at newsletter.nextcloud.com discloses username list
2019-01-08 09:59:42
zdt
zdt
OpenSSHd 7.2p2 - Username Enumeration (2)
2016-07-20 00:00:00
OpenSSHd 7.2p2 - Username Enumeration (1)
2016-07-18 00:00:00
OpenSSH 7.2 - Denial of Service Exploit
2016-12-07 00:00:00
freebsd
freebsd
FreeBSD -- OpenSSH Denial of Service vulnerability
2017-08-10 00:00:00
openssh -- sshd -- remote valid user discovery and PAM /bin/login attack
2016-08-01 00:00:00
ubuntucve
ubuntucve
CVE-2016-6515
2016-08-07 00:00:00
CVE-2016-6210
2016-07-18 00:00:00
paloalto
paloalto
OpenSSH Vulnerability
2016-11-17 17:02:00
checkpoint_advisories
checkpoint_advisories
OpenSSH sshd auth_passwd Denial of Service (CVE-2016-6515)
2017-01-08 00:00:00
Multiple SSH Initial Connection Requests (CVE-2003-0190; CVE-2006-5229; CVE-2016-6210)
2011-03-29 00:00:00
exploitdb
exploitdb
OpenSSH 7.2p2 - Username Enumeration
2016-07-20 00:00:00
OpenSSH 7.2 - Denial of Service
2016-12-07 00:00:00
OpenSSHd 7.2p2 - Username Enumeration
2016-07-18 00:00:00
slackware
slackware
[slackware-security] openssh
2016-08-06 21:10:35
altlinux
altlinux
Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.3
2016-10-20 00:00:00
Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.3
2016-10-20 00:00:00
Security fix for the ALT Linux 8 package openssh version 7.2p2-alt2
2016-10-21 00:00:00
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2016-12-07 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.107 Low

EPSS

Percentile

95.1%

JSON
Related for SUSE_SU-2016-2281-1.NASL
ibm24cloudfoundry1nessus38openvas24ubuntu1aix1symantec1mageia1amazon1freebsd_advisory1f53nvd2centos2veracode1packetstorm3prion2fedora2cve2archlinux1osv6redhatcve2debiancve2cvelist2oraclelinux3alpinelinux2debian5exploitpack3redhat2hackerone1zdt3freebsd2ubuntucve2paloalto1checkpoint_advisories2exploitdb3slackware1altlinux3gentoo1rosalinux1ics1oracle1