Added version check for OpenSSH user enumeration (CVE-2018-15473). (#83)

This commit is contained in:
Joe Testa
2020-11-05 20:24:09 -05:00
parent 5c8dc5105b
commit 0d9881966c
10 changed files with 14 additions and 4 deletions

View File

@ -6,6 +6,7 @@
(gen) compression: enabled (zlib)
# security
(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages

View File

@ -5,6 +5,7 @@
(gen) compression: enabled (zlib@openssh.com)
# security
(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid

View File

@ -5,6 +5,7 @@
(gen) compression: enabled (zlib@openssh.com)
# security
(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid

View File

@ -5,6 +5,7 @@
(gen) compression: enabled (zlib@openssh.com)
# security
(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid

View File

@ -5,6 +5,7 @@
(gen) compression: enabled (zlib@openssh.com)
# security
(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid

View File

@ -5,6 +5,7 @@
(gen) compression: enabled (zlib@openssh.com)
# security
(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid

View File

@ -134,7 +134,7 @@ class TestSSH1:
output_spy.begin()
self.audit(self._conf())
lines = output_spy.flush()
assert len(lines) == 13
assert len(lines) == 14
def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket):
vsocket = virtual_socket
@ -147,7 +147,7 @@ class TestSSH1:
ret = self.audit(self._conf())
assert ret != 0
lines = output_spy.flush()
assert len(lines) == 7
assert len(lines) == 8
assert 'unknown message' in lines[-1]
def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket):

View File

@ -143,7 +143,7 @@ class TestSSH2:
output_spy.begin()
self.audit(self._conf())
lines = output_spy.flush()
assert len(lines) == 67
assert len(lines) == 68
def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket):
vsocket = virtual_socket
@ -155,5 +155,5 @@ class TestSSH2:
ret = self.audit(self._conf())
assert ret != 0
lines = output_spy.flush()
assert len(lines) == 3
assert len(lines) == 4
assert 'unknown message' in lines[-1]