Added version check for OpenSSH user enumeration (CVE-2018-15473). (#83)

2025-06-21 18:23:40 +02:00 · 2020-11-05 20:24:09 -05:00
parent 5c8dc5105b
commit 0d9881966c
10 changed files with 14 additions and 4 deletions
--- a/test/docker/expected_results/openssh_4.0p1_test1.txt
+++ b/test/docker/expected_results/openssh_4.0p1_test1.txt
@ -6,6 +6,7 @@
 [0;32m(gen) compression: enabled (zlib)[0m

 [0;36m# security[0m
+[0;33m(cve) CVE-2018-15473                      -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
 [0;33m(cve) CVE-2016-3115                       -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2014-1692                       -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
 [0;33m(cve) CVE-2012-0814                       -- (CVSSv2: 3.5) leak data via debug messages[0m
--- a/test/docker/expected_results/openssh_5.6p1_test1.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test1.txt
@ -5,6 +5,7 @@
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

 [0;36m# security[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
--- a/test/docker/expected_results/openssh_5.6p1_test2.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test2.txt
@ -5,6 +5,7 @@
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

 [0;36m# security[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
--- a/test/docker/expected_results/openssh_5.6p1_test3.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test3.txt
@ -5,6 +5,7 @@
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

 [0;36m# security[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
--- a/test/docker/expected_results/openssh_5.6p1_test4.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test4.txt
@ -5,6 +5,7 @@
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

 [0;36m# security[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
--- a/test/docker/expected_results/openssh_5.6p1_test5.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test5.txt
@ -5,6 +5,7 @@
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

 [0;36m# security[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
--- a/test/test_ssh1.py
+++ b/test/test_ssh1.py
@ -134,7 +134,7 @@ class TestSSH1:
        output_spy.begin()
        self.audit(self._conf())
        lines = output_spy.flush()
-        assert len(lines) == 13
+        assert len(lines) == 14

    def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket):
        vsocket = virtual_socket
@ -147,7 +147,7 @@ class TestSSH1:
        ret = self.audit(self._conf())
        assert ret != 0
        lines = output_spy.flush()
-        assert len(lines) == 7
+        assert len(lines) == 8
        assert 'unknown message' in lines[-1]

    def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket):
--- a/test/test_ssh2.py
+++ b/test/test_ssh2.py
@ -143,7 +143,7 @@ class TestSSH2:
        output_spy.begin()
        self.audit(self._conf())
        lines = output_spy.flush()
-        assert len(lines) == 67
+        assert len(lines) == 68

    def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket):
        vsocket = virtual_socket
@ -155,5 +155,5 @@ class TestSSH2:
        ret = self.audit(self._conf())
        assert ret != 0
        lines = output_spy.flush()
-        assert len(lines) == 3
+        assert len(lines) == 4
        assert 'unknown message' in lines[-1]