Information disclosure in OpenSSH

#VU14548 Information disclosure in OpenSSH

Cybersecurity Help s.r.o.

Published: 2018-08-28 | Updated: 2018-08-29

Vulnerability identifier: #VU14548

Vulnerability risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-15919

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSH
Server applications / Remote management servers, RDP, SSH

Vendor: OpenSSH

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to insufficient validation of an authentication request packet when the Guide Star Server II (GSS2) component is used. A remote attacker can send an authentication request packet and access sensitive information, such as valid usernames.

Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

OpenSSH: 7.0p1 - 7.8

External links
http://seclists.org/oss-sec/2018/q3/180

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC Cloud Tiering Appliance Family

Multiple vulnerabilities in Dell EMC Unity Family

openEuler 20.03 LTS update for openssh

OpenSUSE Linux update for openssh

Information disclosure in OpenSSH

Information disclosure in Debian openssh package