SB2017032001 - Multiple vulnerabilities in OpenSSH




Published: March 20, 2017

Security Bulletin ID: SB2017032001
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Padding oracle (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an incomplete fix of the CBC padding oracle countermeasures, which allows a variant of the attack fixed in OpenSSH 7.3 (SB2016080201 #3). A remote attacker can force the ssh client to use weak CBC ciphers and decrypt the ssh session.

Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information.


2) Directory traversal (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists in sftp-client in the portable version of OpenSSH when processing file names. A remote attacker can trick the victim into connecting to a malicious SFTP server and performing operations on files with specially crafted file names containing directory traversal sequences (e.g. ../../).

Successful exploitation of the vulnerability may allow an attacker to overwrite arbitrary files on the victim’s system.
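
The check below is an added example, not code from OpenSSH or from this bulletin. It shows how a client can validate a file name received from an SFTP server before joining it to a local target directory. The names remote_name_is_safe and is_sep are hypothetical, and treating the backslash as a path separator is an assumption for platforms that accept it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: true if c separates path components.
 * Backslash is included as an assumption, for platforms that accept it. */
static bool is_sep(char c) { return c == '/' || c == '\\'; }

/*
 * Hypothetical check for a file name supplied by an SFTP server.
 * Returns true only if joining `name` under a local target directory
 * cannot resolve to a location outside that directory.
 */
bool remote_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;                    /* nothing to write to */
    if (is_sep(name[0]))
        return false;                    /* absolute path */

    const char *p = name;
    while (*p != '\0') {
        size_t len = 0;                  /* length of current component */
        while (p[len] != '\0' && !is_sep(p[len]))
            len++;
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;                /* ".." walks up a directory */
        p += len;
        while (is_sep(*p))               /* skip one or more separators */
            p++;
    }
    return true;
}

int main(void)
{
    /* Constructed sample names, as a hostile server might return them. */
    const char *samples[] = { "report.txt", "dir/file..bak",
                              "../../etc/passwd", "..\\..\\x", "/etc/passwd" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               remote_name_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```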


Remediation

Install the update from the vendor's website.