#VU2088 Improper input validation in OpenSSH

Cybersecurity Help s.r.o.

Published: 2016-12-21

Vulnerability identifier: #VU2088

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSH
Server applications / Remote management servers, RDP, SSH

Vendor: OpenSSH

Description
The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error in sshd, which can be used to bypass address-based access controls if the AllowUser directive is configured with invalid CIDR address ranges.

Successful exploitation of this vulnerability may allow a remote attacker to bypass implemented access control mechanisms and perform a further attacks against vulnerable system.

Mitigation
Install the latest version of OpenSSH 7.4.

Vulnerable software versions

OpenSSH: 7.3p1

External links
https://www.openssh.com/txt/release-7.4

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for cockpit

Multiple vulnerabilities in OpenSSH