CVE-2018-15473

Impact:
Low
Public Date:
2018-08-16
CWE:
CWE-200
Bugzilla:
1619063: CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests

The MITRE CVE dictionary describes this issue as:

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Find out more about CVE-2018-15473 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat Product Security has rated this issue as having Low severity. An attacker could use this flaw to determine whether given usernames exist or not on the server, but no further information is disclosed and there is no availability or integrity impact. A future update may address this issue.

CVSS v3 metrics

CVSS3 Base Score 5.3
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact None
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (openssh) RHSA-2019:2143 2019-08-06
Red Hat Enterprise Linux 6 (openssh) RHSA-2019:0711 2019-04-09

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 openssh Not affected
Red Hat Enterprise Linux 5 openssh Will not fix
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.

Mitigation

Configuring your firewall to limit the origin and/or rate of incoming ssh connections (using the netfilter xt_recent module) will limit the impact of this attack, as it requires a new TCP connection for each username tested. This configuration also provides some protection against brute-force attacks on SSH passwords or keys.

See the following article for more information on limiting access to SSHD: https://access.redhat.com/solutions/8687

Last Modified

CVE description copyright © 2017, The MITRE Corporation