Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-1337
HistoryDec 08, 2015 - 8:00 a.m.

SA104 : OpenSSH Vulnerabilities

2015-12-0808:00:00
Symantec Security Response
41

0.164 Low

EPSS

Percentile

96.0%

JSON

SUMMARY

Blue Coat products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. An attacker, with access to the management interface, may exploit these vulnerabilities to conduct brute-force password guessing attacks, bypass access restrictions, log in as a different user, achieve privilege escalation, execute arbitrary code, and force SSH clients to skip security checks. The attacker can also cause denial of service due to memory corruption and illegal memory accesses.

AFFECTED PRODUCTS

The following products are vulnerable:

Advanced Secure Gateway (ASG)

CVE |Affected Version(s)|Remediation
All CVEs | 6.7 and later | Not vulnerable, fixed in 6.7.2.1
CVE-2014-2653 | 6.6 | Upgrade to 6.6.3.1.
CVE-2014-2532 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.3.1.
CVE-2015-5600, CVE-2015-6563,
CVE-2015-6564 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.5.1.

Content Analysis System (CAS)

CVE |Affected Version(s)|Remediation
All CVEs | 2.1 and later | Not vulnerable, fixed in 2.1.1.1
CVE-2014-2532, CVE-2014-2653 | 1.3 | Upgrade to 1.3.6.1.
1.1, 1.2 | Upgrade to later release with fixes.
CVE-2015-6563, CVE-2015-6564 | 1.3 | Upgrade to 1.3.7.1.
1.1, 1.2 | Upgrade to later release with fixes.
CVE-2015-5352, CVE-2015-5600 | 1.3 (not vulnerable to known vectors of attack) | Upgrade to 1.3.7.1.
1.1, 1.2 (not vulnerable to known vectors of attack0 | Upgrade to later release with fixes.

Director

CVE |Affected Version(s)|Remediation
CVE-2014-2532, CVE-2014-2653,
CVE-2015-5600, CVE-2015-6563,
CVE-2015-6564 | 6.1 | Upgrade to 6.1.22.1.

Mail Threat Defense (MTD)

CVE |Affected Version(s)|Remediation
CVE-2015-6563, CVE-2015-6564 | 1.1 | Not available at this time
CVE-2015-5600 | 1.1 (not vulnerable to known vectors of attack) | Upgrade to 1.1.2.1.
CVE-2015-5352 | 1.1 (not vulnerable to known vectors of attack) | Not available at this time

Malware Analysis Appliance (MAA)

CVE |Affected Version(s)|Remediation
CVE-2014-2532, CVE-2014-2653,
CVE-2015-5600, CVE-2015-6563,
CVE-2015-6564 | 4.2 | Upgrade to 4.2.8.

Management Center (MC)

CVE |Affected Version(s)|Remediation
CVE-2014-2532, CVE-2014-2653 | 1.5 and later | Not vulnerable, fixed in 1.5.1.1
1.4 | Upgrade to later release with fixes.
CVE-2015-6563, CVE-2015-6564 | 1.6 and later | Not vulnerable, fixed in 1.6.1.1
1.4, 1.5 | Upgrade to later release with fixes.

Norman Shark Industrial Control System Protection (ICSP)

CVE |Affected Version(s)|Remediation
CVE-2015-5352, CVE-2015-5600,
CVE-2015-6563, CVE-2015-6564 | 5.4 | Not vulnerable, fixed in 5.4.1
5.3 | Upgrade to 5.3.6.

Norman Shark Network Protection (NNP)

CVE |Affected Version(s)|Remediation
CVE-2015-5352, CVE-2015-5600,
CVE-2015-6563, CVE-2015-6564 | 5.3 | Upgrade to 5.3.6.

Norman Shark SCADA Protection (NSP)

CVE |Affected Version(s)|Remediation
CVE-2015-5352, CVE-2015-5600,
CVE-2015-6563, CVE-2015-6564 | 5.3 | Upgrade to 5.3.6.

PacketShaper (PS) S-Series

CVE |Affected Version(s)|Remediation
All CVEs | 11.6 and later | Not vulnerable, fixed in 11.6.1.1
CVE-2014-2532, CVE-2015-5600 | 11.5 | Upgrade to 11.5.2.1.
11.2, 11.3, 11.4 | Upgrade to later release with fixes.
CVE-2015-6563, CVE-2015-6564 | 11.5 | Upgrade to 11.5.3.2.
11.2, 11.3, 11.4 | Upgrade to later release with fixes.

PolicyCenter (PC) S-Series

CVE |Affected Version(s)|Remediation
CVE-2015-6563, CVE-2015-6564 | 1.1 | Upgrade to 1.1.2.2.

Reporter

CVE |Affected Version(s)|Remediation
CVE-2014-2532, CVE-2014-2653 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1
10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.3.1.
CVE-2014-9278 | 10.1 and later | Not vulnerable
CVE-2015-5352, CVE-2015-5600 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1
10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.4.2.
CVE-2015-6563, CVE-2015-6564 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1
10.1 | Upgrade to 10.1.4.2.
All CVEs | 9.4, 9.5 | Not vulnerable

Security Analytics (SA)

CVE |Affected Version(s)|Remediation
CVE-2014-2532 | 7.2 and later | Not vulnerable, fixed in 7.2.1
7.1 | Upgrade to 7.1.11.
7.0 | Upgrade to later release with fixes.
6.6 | Upgrade to 6.6.12.
CVE-2014-2653,
CVE-2015-5600, CVE-2015-6563,
CVE-2015-6564 | 7.2 and later | Not vulnerable, fixed in 7.2.1
7.1 | Upgrade to 7.1.11.
7.0 | Upgrade to later release with fixes.
6.6 | Upgrade to 6.6.12.
CVE-2015-5352 | 7.2 and later | Not vulnerable, fixed in 7.2.1
7.1 (not vulnerable to known vectors of attack) | Apply patch RPM available from customer support.
7.0 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes.
6.6 (not vulnerable to known vectors of attack) | Apply patch RPM available from customer support.

SSL Visibility (SSLV)

CVE |Affected Version(s)|Remediation
CVE-2015-6563, CVE-2015-6564 | 3.10 and later | Fixed in 3.10.1.1
3.9 | Upgrade to 3.9.3.6.
3.8.4FC | Upgrade to 3.8.4FC-55.
3.8 | Upgrade to later release with fixes.

X-Series XOS

CVE |Affected Version(s)|Remediation
CVE-2014-2532, CVE-2014-2653,
CVE-2015-5600, CVE-2015-6563,
CVE-2015-6564 | 11.0 | Not available at this time
10.0 | Not available at this time
9.7 | Not available at this time

ADDITIONAL PRODUCT INFORMATION

In SSL Visibility, the OpenSSH vulnerabilities can be exploited only the product's management interfaces (web UI, CLD). Limiting the machines, IP addresses and subnets able to reach this physical network port reduces the threat. This reduces the CVSS v2 scores for multiple CVEs. The adjusted CVSS v2 base scores and severity are:

  • CVE-2014-2532 - 4.3 (MEDIUM) (AV:A/AC:M/Au:N/C:P/I:P/A:N)
  • CVE-2014-2653 - 4.3 (MEDIUM) (AV:A/AC:M/Au:N/C:P/I:P/A:N)
  • CVE-2015-5352 - 2.9 (LOW) (AV:A/AC:M/Au:N/C:N/I:P/A:N)
  • CVE-2015-5600 - 6.8 (MEDIUM) (AV:A/AC:L/Au:N/C:P/I:N/A:C)

Blue Coat products do not enable or use all functionality within OpenSSH. Products that do not utilize or enable the functionality described in a CVE are not vulnerable to that CVE. However, fixes for those CVEs will be included in the patches that are provided. The following products include vulnerable versions of OpenSSH, but do not use the functionality described in the CVEs and are not known to be vulnerable.

  • ASG: CVE-2014-2532, CVE-2015-5600, CVE-2015-6563, and CVE-2015-6564
  • CAS: CVE-2015-5352 and CVE-2015-5600
  • Director: CVE-2015-5352
  • MAA: CVE-2015-5352
  • MTD: CVE-2015-5352 and CVE-2015-5600
  • MC: CVE-2015-5352 and CVE-2015-5600
  • PS S-Series: CVE-2014-2653 and CVE-2015-5352
  • PC S-Series: CVE-2015-5352
  • Reporter 10.1: CVE-2014-2532, CVE-2014-2653, CVE-2015-5352, and CVE-2015-5600
  • Security Analytics: CVE-2015-5352
  • SSLV: CVE-2014-2653, CVE-2015-5352, and CVE-2015-5600
  • XOS: CVE-2015-5352

The following products are not vulnerable:
Android Mobile Agent
AuthConnector
BCAAA
Blue Coat HSM Agent for the Luna SP
CacheFlow
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
IntelligenceCenter
IntelligenceCenter Data Collector
K9
PacketShaper
PolicyCenter
ProxyAV
ProxyAV ConLog and ConLogXP
ProxyClient
ProxySG
Unified Agent
Web Isolation

Blue Coat no longer provides vulnerability information for the following products:

DLP
Please, contact Digital Guardian technical support regarding vulnerability information for DLP.

ISSUES

CVE-2014-1692

Severity / CVSSv2 | High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) References| SecurityFocus: BID 65230 / NVD: CVE-2014-1692 Impact| Denial of service, unspecified other impact Description | A flaw allows an attacker to cause memory corruption, resulting in a denial of service or unspecified other impact.

CVE-2014-2532

Severity / CVSSv2 | Medium / 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) References| SecurityFocus: BID 66355 / NVD: CVE-2014-2532 Impact| Security control bypass Description | A flaw allows an attacker to pass environment variables to a server SSH session and bypass intended environment variable restrictions.

CVE-2014-2653

Severity / CVSSv2 | Medium / 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) References| SecurityFocus: BID 66459 / NVD: CVE-2014-2653 Impact| Security control bypass Description | A flaw allows an attacker to cause SSH clients to skip SSHFP DNS record checks when establishing SSH connections.

CVE-2014-9278

Severity / CVSSv2 | Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) References| SecurityFocus: BID 71420 / NVD: CVE-2014-9278 Impact| Security control bypass Description | A flaw allows a remote attacker in a Kerberos environment to log in as a different user if changing users is allowed only after local authentication.

CVE-2015-5352

Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) References| SecurityFocus: BID 75525 / NVD: CVE-2015-5352 Impact| Security control bypass Description | A flaw allows an attacker to bypass intended time window access restrictions when establishing X11 connections to SSH clients.

CVE-2015-5600

Severity / CVSSv2 | High / 8.5 (AV:N/AC:L/Au:N/C:P/I:N/A:C) References| SecurityFocus: BID 75990 / NVD: CVE-2015-5600 Impact| Information disclosure Description | A flaw allows an attacker to conduct brute-force password guessing attacks or cause denial of service in SSH servers that use keyboard interactive authentication.

CVE-2015-6563

Severity / CVSSv2 | Low / 1.9 (AV:L/AC:M/Au:N/C:N/I:P/A:N) References| SecurityFocus: BID 76317 / NVD: CVE-2015-6563 Impact| Privilege escalation Description | A flaw allows a local attacker with valid user credentials to achieve privilege escalation if the attacker has already compromised a local non-privileged pre-authentication process.

CVE-2015-6564

Severity / CVSSv2 | Medium / 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) References| SecurityFocus: BID 76317 / NVD: CVE-2015-6564 Impact| Denial of service, privilege escalation Description | A flaw allows a local attacker to cause the SSH daemon to crash or execute arbitrary code with root privileges if the attacker has already compromised a local non-privileges pre-authentication process.

CVE-2015-6565

Severity / CVSSv2 | High / 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) References| SecurityFocus: BID 76497 / NVD: CVE-2015-6565 Impact| Denial of service, unspecified other impact Description | A flaw that allows a local attacker to cause denial-of-service or have unspecified other impact through writing to TTY device files.

MITIGATION

These vulnerabilities can be exploited only through the management interfaces for all vulnerable products. Allowing only machines, IP addresses and subnets from a trusted network to access the management interface reduces the threat of exploiting the vulnerabilities.

By default, Director does not configure its OpenSSH software to accept environment variables from clients or to use keyboard interactive authentication. Customers who leave this default behavior unchanged prevent attacks against Director using CVE-2014-2532 and CVE-2015-5600.

By default, MAA does not use SSH as a client, does not use SSH in a Kerberos environment, and does not configure its OpenSSH software to use keyboard interactive authentication. Customers who leave this default behavior unchanged prevent attacks against MAA using CVE-2014-2653 and CVE-2015-5600.

By default, Security Analytics does not use SSH in a Kerberos environment. Also, it does not configure its OpenSSH software to accept environment variables from clients or to use keyboard interactive authentication. Customers who leave this default behavior unchanged prevent attacks against Security Analytics using CVE-2014-2532 and and CVE-2015-5600.

By default, XOS does not use SSH as a client and does not configure its OpenSSH software to accept environment variables from clients or to use keyboard interactive authentication. Customers who leave this default behavior unchanged prevent attacks against XOS using CVE-2014-2532, CVE-2014-2653, CVE-2015-5600.

REFERENCES

OpenSSH security announcements - <https://www.openssh.com/security.html&gt;

REVISION

2020-04-20 Security Analytics 7.3, 8.0, and 8.1 are not vulnerable to CVE-2014-2532. Industrial Control System Protection (ICSP) 5.4 is not vulnerable because a fix is available in 5.4.1. Advisory status moved to Closed.
2019-10-02 Web Isolation is not vulnerable.
2019-08-29 Reporter 10.3 and 10.4 have vulnerable versions of OpenSSH for CVE-2014-2532, but are not vulnerable to known vectors of attack.
2019-01-20 SA 7.3 starting with 7.3.2 and 8.0 are vulnerable to CVE-2014-2532.
2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2018-04-22 PacketShaper S-Series 11.10 is not vulnerable.
2017-11-06 ASG 6.7 is not vulnerable because a fix is available in 6.7.2.1.
2017-08-02 SSLV 4.1 is not vulnerable.
2017-07-24 PacketShaper S-Series 11.9 is not vulnerable.
2017-07-20 MC 1.10 is not vulnerable.
2017-06-22 Security Analytics 7.3 is not vulnerable.
2017-06-05 PacketShaper S-Series 11.8 is not vulnerable.
2017-05-17 CAS 2.1 is not vulnerable.
2017-03-06 MC 1.8 is not vulnerable. SSLV 4.0 is not vulnerable. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2017-02-16 Previously, it was reported that Security Analytics by default is not vulnerable to CVE-2014-2653 because it does not act as an SSH client. Further investigation has shown that Security Analytics acts as an SSH client and is vulnerable to CVE-2014-2653 by default.
2016-11-29 A fix for Director is available in 6.1.22.1. PacketShaper S-Series 11.7 is not vulnerable. SSLV 3.11 is not vulnerable.
2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable.
2016-11-08 A fix for all CVEs in ASG is available in 6.6.5.1.
2016-11-07 SSLV 3.10 is not vulnerable
2016-09-22 A fix for all CVEs in Reporter 10.1 is available in 10.1.4.2. MC 1.6 and 1.7 are not vulnerable because they have the vulnerability fixes. Further vulnerability fixes for MC 1.4 and 1.5 will not be provided. Please upgrade to the latest MC version with the vulnerability fixes.
2016-09-01 A fix for SSLV 3.8.4FC is available in 3.8.4FC-55.
2016-08-12 A fix for all CVEs in CAS 1.3 is available in 1.3.7.1. Security Analytics 7.2 is not vulnerable.
2016-06-30 PacketShaper S-Series is not vulnerable.
2016-06-28 Fixed typos in Affected Products, Advisory Details, and Patches sections.
2016-06-27 Fixes will not be provided for PacketShaper S-Series 11.2, 11.3, and 11.4. Please upgrade to a later version with the vulnerability fixes.
2016-06-24 A fix for CVE-2014-2653 in PS S-Series is available in 11.5.2.1. A fix for all CVEs in PS S-Series is available in 11.5.3.2. A fix for PC S-Series is available in 1.1.2.2.
2016-06-22 A fix for CVE-2014-2532 is available in ASG 6.6.3.1.
2016-06-22 Previously, it was reported that ASG 6.6 is not vulnerable to CVE-2014-2532, CVE-2015-5600, CVE-2015-6563, and CVE-2015-6564. Further investigation has shown that ASG 6.6 has a vulnerable version of OpenSSH for multiple CVEs, but is not vulnerable to known vectors of attack.
2016-06-16 PC S-Series is vulnerable to CVE-2015-6563 and CVE-2015-6564. It also has vulnerable code for CVE-2015-5352, but is not vulnerable to known vectors of attack. A fix is not available at this time.
2016-06-14 A fix for SA 7.0 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2016-06-13 Fixes for ICSP, NNP, and NSP are available in 5.3.6.
2016-05-26 Fixes for CVE-2015-5352 in Security Analytics 6.6 and 7.1 are available through patch RPMs from Blue Coat Support.
2016-05-19 Fixes for all CVEs except CVE-2015-5352 are available in Security Analytics 6.6.12 and 7.1.11.
2016-05-11 No Cloud Data Protection products are vulnerable.
2016-04-27 A fix for CVE-2015-5600 in MTD 1.1 is available in 1.1.2.1.
2016-04-24 MTD 1.1 is vulnerable to CVE-2015-6563 and CVE-2015-6564. It also have vulnerable code for CVE-2015-5352 and CVE-2015-5600, but is not vulnerable to known vectors of attack.
2016-04-22 It was previously reported that Security Analytics 6.6, 7.0, and 7.1 are vulnerable to CVE-2014-9278, and that Reporter 10.1 has vulnerable code for CVE-2014-9278. New information indicates that SA and Reporter are not vulnerable to this CVE.
2016-04-19 Fixes for CVE-2014-2532 and CVE-2015-5600 in PS S-Series 11.5 are available in 11.5.2.1.
2016-04-15 Fixes will not be provided for CAS 1.1 and 1.2. Please upgrade to a later version with the vulnerability fixes.
2016-03-14 A fix for CVE-2014-2532 and CVE-2014-2653 in CAS 1.3 is available in 1.3.6.1.
2016-03-10 A fix for MAA 4.2 is available in 4.2.8. It was previously reported that MAA 4.2 is vulnerable to CVE-2014-9278, but further investigation has shown that it is not vulnerable to that CVE.
2016-03-04 A fix for CVE-2014-2532 and CVE-2014-2653 is available in Reporter 10.1.3.1.
2016-01-21 A fix for SSLV 3.9 is available.
2016-01-15 A fix for SSLV 3.8 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2015-12-22 MC 1.5 contains fixes for CVE-2014-2532 and CVE-2014-2653. It is vulnerable to or has vulnerable code for other CVEs, and fixes are pending.
2015-12-21 CAS, Director, MAA, MC, PacketShaper, Reporter 10.1, Security Analytics, SSLV, and XOS have vulnerable OpenSSH software, but do not use the vulnerable functionality and are not known to be vulnerable. The vulnerable software will be patched in future releases.
2015-12-10 Security Analytics 6.6, 7.0, and 7.1 are vulnerable.
2015-12-09 initial public release

Related

openvas 37
gentoo 1
nessus 56
oraclelinux 4
amazon 3
fedora 5
freebsd 1
ibm 12
altlinux 2
centos 4
redhat 4
suse 1
f5 8
aix 3
freebsd_advisory 1
securityvulns 3
debian 5
osv 3
ubuntu 4
zdt 2
prion 4
cve 5
debiancve 5
ubuntucve 7
nvd 4
exploitpack 1
cvelist 6
veracode 4
mageia 1
archlinux 1
slackware 1
seebug 1
openvas
openvas
Gentoo Security Advisory GLSA 201512-04
2015-12-22 00:00:00
Oracle: Security Advisory (ELSA-2015-2088)
2015-11-24 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1544-1)
2021-04-19 00:00:00
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2015-12-20 00:00:00
nessus
nessus
GLSA-201512-04 : OpenSSH: Multiple vulnerabilities
2015-12-22 00:00:00
OpenSSH < 7.0 Multiple Vulnerabilities
2015-08-13 00:00:00
OpenSSH < 7.0 Multiple Vulnerabilities
2016-04-22 00:00:00
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2015-11-23 00:00:00
openssh security, bug fix and enhancement update
2015-03-09 00:00:00
openssh security, bug fix, and enhancement update
2014-10-15 00:00:00
amazon
amazon
Medium: openssh
2015-12-14 10:00:00
Medium: openssh
2015-09-02 12:00:00
Medium: openssh
2014-07-09 16:32:00
fedora
fedora
[SECURITY] Fedora 21 Update: openssh-6.6.1p1-16.fc21
2015-08-27 23:52:00
[SECURITY] Fedora 21 Update: openssh-6.6.1p1-13.fc21
2015-07-10 19:09:25
[SECURITY] Fedora 21 Update: openssh-6.6.1p1-15.fc21
2015-08-03 04:31:13
freebsd
freebsd
OpenSSH -- PAM vulnerabilities
2015-08-11 00:00:00
ibm
ibm
Security Bulletin: Openssh vulnerabilities affect IBM SmartClound Entry (CVE-2015-5352 CVE-2015-6563 CVE-2015-6564)
2020-07-19 00:49:12
Security Bulletin: Vulnerabilities in Open Source openssh affect IBM Security Identity Governance Appliance (CVE-2015-5352, CVE-2015-6563, CVE-2015-6564 )
2018-06-16 21:46:31
Security Bulletin: Vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2015-5352, CVE-2015-6563, and CVE-2015-6564)
2018-06-16 21:45:01
altlinux
altlinux
Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.4
2016-11-08 00:00:00
Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.4
2016-11-08 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2015-11-30 19:46:33
openssh, pam_ssh_agent_auth security update
2016-05-16 10:19:28
openssh, pam_ssh_agent_auth security update
2015-03-17 13:29:24
redhat
redhat
(RHSA-2015:2088) Moderate: openssh security, bug fix, and enhancement update
2015-11-19 14:41:38
(RHSA-2016:0741) Moderate: openssh security, bug fix, and enhancement update
2016-05-10 06:42:16
(RHSA-2015:0425) Moderate: openssh security, bug fix and enhancement update
2015-03-05 00:00:00
suse
suse
Security update for openssh (important)
2015-09-21 09:10:02
f5
f5
K17263 : OpenSSH vulnerabilities CVE-2015-6563 and CVE-2015-6564
2015-09-17 00:00:00
K15780 : OpenSSH vulnerabilities CVE-2014-2532 and CVE-2014-2653
2015-09-17 00:00:00
SOL17263 - OpenSSH vulnerabilities CVE-2015-6563 and CVE-2015-6564
2015-09-16 00:00:00
aix
aix
AIX OpenSSH Vulnerability
2014-06-17 04:07:12
AIX OpenSSH Vulnerability
2015-10-21 09:17:40
AIX OpenSSH Vulnerability
2016-01-29 16:13:16
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:16.openssh
2015-07-28 00:00:00
securityvulns
securityvulns
FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED]
2015-08-02 00:00:00
[USN-2164-1] OpenSSH vulnerability
2014-04-08 00:00:00
OpenSSH protection bypass
2014-04-08 00:00:00
debian
debian
[SECURITY] [DSA 2894-1] openssh security update
2014-04-05 15:06:01
[BSA-095] Security Update for openssh
2014-04-30 10:16:12
[SECURITY] [DSA 2894-1] openssh security update
2014-04-05 15:06:01
osv
osv
openssh - security update
2014-04-05 00:00:00
openssh - security update
2015-09-30 00:00:00
openssh - security update
2018-09-10 00:00:00
ubuntu
ubuntu
OpenSSH vulnerabilities
2015-08-14 00:00:00
OpenSSH regression
2015-08-18 00:00:00
OpenSSH vulnerability
2014-04-07 00:00:00
zdt
zdt
OpenSSH 6.8-6.9 pty issue Privilege Escalation Vulnerability
2015-09-04 00:00:00
OpenSSH 6.8 < 6.9 - PTY Privilege Escalation Exploit
2017-01-26 00:00:00
prion
prion
Code injection
2015-08-24 01:59:00
Authentication flaw
2014-12-06 15:59:00
Design/Logic Flaw
2015-08-24 01:59:00
cve
cve
CVE-2015-6565
2015-08-24 01:59:02
CVE-2014-9278
2014-12-06 15:59:07
CVE-2014-2653
2014-03-27 10:55:04
debiancve
debiancve
CVE-2014-9278
2014-12-06 15:59:07
CVE-2015-6565
2015-08-24 01:59:02
CVE-2015-6564
2015-08-24 01:59:01
ubuntucve
ubuntucve
CVE-2014-9278
2014-12-06 00:00:00
CVE-2015-6565
2015-08-24 00:00:00
CVE-2015-6564
2015-08-24 00:00:00
nvd
nvd
CVE-2015-6565
2015-08-24 01:59:02
CVE-2014-9278
2014-12-06 15:59:07
CVE-2015-6563
2015-08-24 01:59:00
exploitpack
exploitpack
OpenSSH 6.8 6.9 - PTY Local Privilege Escalation
2017-01-26 00:00:00
cvelist
cvelist
CVE-2015-6565
2015-08-24 00:00:00
CVE-2014-9278
2014-12-06 15:00:00
CVE-2014-2653
2014-03-27 10:00:00
veracode
veracode
Privilege Escalation
2019-05-02 05:29:33
Weak Authentication
2019-05-02 05:12:49
Authorization Bypass
2019-01-15 09:11:25
mageia
mageia
Updated openssh packages fix CVE-2014-2653
2014-04-08 16:49:25
archlinux
archlinux
openssh: authentication limits bypass
2015-07-23 00:00:00
slackware
slackware
[slackware-security] openssh
2014-10-20 22:50:45
seebug
seebug
OpenSSH 'child_set_env()'函数安全绕过漏洞
2014-03-25 00:00:00

0.164 Low

EPSS

Percentile

96.0%

JSON
Related for SMNTC-1337
openvas37gentoo1nessus56oraclelinux4amazon3fedora5freebsd1ibm12altlinux2centos4redhat4suse1f58aix3freebsd_advisory1securityvulns3debian5osv3ubuntu4zdt2prion4cve5debiancve5ubuntucve7nvd4exploitpack1cvelist6veracode4mageia1archlinux1slackware1seebug1