OpenSSH 6.x Multiple Vulnerabilities

0

A security scan of our network has highlighted that our Kemp HLBs have a vulnerability.

Version source : SSH-2.0-OpenSSH_6.7
Installed version : 6.7
Fixed version : 7.0

Are there any plans to upgrade to OpenSSH v7 very soon ?

This is the output from the scan:

CRITICAL OpenSSH < 7.0 Multiple Vulnerabilities
Description

According to its banner, the version of OpenSSH running on the remote host is prior to 7.0. It is, therefore, affected by the following vulnerabilities :

  • A flaw exists in the kbdint_next_device() function in file auth2-chall.c that allows the circumvention of MaxAuthTries during keyboard-interactive authentication.
    An attacker can exploit this issue to force the same authentication method to be tried thousands of times in a single pass by using a crafted keyboard-interactive 'devices' string, thus allowing a brute-force attack or causing a denial of service. (CVE-2015-5600)

  • A security bypass vulnerability exists in sshd related to PAM support. An authenticated, remote attacker can exploit this to impact the pre-authentication process, allowing the possible execution of arbitrary code. Note that this issue only affects Portable OpenSSH.
    (OSVDB 126030)

  • A flaw exists in sshd due to setting insecure world-writable permissions for TTYs. A local attacker can exploit this, by injecting crafted terminal escape sequences, to execute commands for logged-in users.
    (OSVDB 126031)

  • A use-after-free error exists in sshd related to PAM support. A remote attacker can exploit this to impact the pre-authentication process, allowing the possible execution of arbitrary code. Note that this issue only affects Portable OpenSSH. (OSVDB 126033)

Solution
Upgrade to OpenSSH 7.0 or later.

See Also
http://www.openssh.com/txt/release-7.0

3 comments

Avatar
0
James Rago -- K360 Technical Product Manager

We are currently investigating upgrading to version 7.0 and above. I will update this tread when I am more info on a timeline.

Avatar
0
chris.veighey

Is there any update to this?  We have the same problem.  We have just installed Kemp firmware 7.1-30-75 and this is still not resolved.

 

 

Avatar
0
Christian Scheller

The vulnerability is scheduled to be fixed with the upcoming F/W version 7.1-32. We would like to apologize for the inconvenience in the meantime.

 

You may want to restrict access to sshd by setting permitted interfaces in the "Remote Access" section to prevent exploitation from external.

 

KEMP Customer Service