Description. His initial efforts were amplified by countless hours of community preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"openssh-7.8p1-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-06T00:45:20", "description": "According to the version of the openssh packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - OpenSSH through 7.7 is prone to a user enumeration\n vulnerability due to not delaying bailout for an\n invalid authenticating user until after the packet\n containing the request has been fully parsed, related\n to auth2-gss.c, auth2-hostbased.c, and\n auth2-pubkey.c.

Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n https://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n https://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n\n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\nftp://ftp.software.ibm.com/systems/power/AIX/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n\n 
Complete CVSS v3 Guide:\n http://www.first.org/cvss/user-guide\n https://www.first.org/cvss/user-guide\n\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n https://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2018-15473) \n https://www-01.ibm.com/support/docview.wss?uid=ibm10733751\n\n\nACKNOWLEDGEMENTS:\n\n None\n\n\nCHANGE HISTORY:\n\n First Issued: Wed Oct 24 11:28:50 CDT 2018\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will\nultimately impact the Overall CVSS Score.

(CVE-2018-15473)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. GET CERTIFIED. over to ", "edition": 11, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-04-11T00:00:00", "title": "Oracle Linux 6 : openssh (ELSA-2019-0711)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15473"], "modified": "2020-08-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:openssh", "p-cpe:/a:oracle:linux:openssh-server", "p-cpe:/a:oracle:linux:openssh-askpass", "p-cpe:/a:oracle:linux:openssh-ldap", "p-cpe:/a:oracle:linux:openssh-clients", "p-cpe:/a:oracle:linux:pam_ssh_agent_auth"], "id": "ORACLELINUX_ELSA-2019-0711.NASL", "href": "https://www.tenable.com/plugins/nessus/123986", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:0711 and \n# Oracle Linux Security Advisory ELSA-2019-0711 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123986);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/27 13:00:39\");\n\n script_cve_id(\"CVE-2018-15473\");\n script_xref(name:\"RHSA\", value:\"2019:0711\");\n\n script_name(english:\"Oracle Linux 6 : openssh (ELSA-2019-0711)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:0711 :\n\nAn update for openssh is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. 
:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (? A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nOpenSSH is an SSH protocol implementation supported by a number of\nLinux, UNIX, and similar operating systems. OpenSSH 2.3 < 7.7 - Username …
YMMV.\n },\n 'Author' => [\n 'kenkeiras', # Timing attack\n 'Dariusz Tytko', # Malformed packet\n 'Michal Sajdak', # Malformed packet\n 'Qualys', # Malformed packet\n 'wvu' # Malformed packet\n ],\n 'References' => [\n ['CVE', '2003-0190'],\n ['CVE', '2006-5229'],\n ['CVE', '2016-6210'],\n ['CVE', '2018-15473'],\n ['OSVDB', '32721'],\n ['BID', '20418'],\n ['URL', 'https://seclists.org/oss-sec/2018/q3/124'],\n ['URL', 'https://sekurak.pl/openssh-users-enumeration-cve-2018-15473/']\n ],\n 'License' => MSF_LICENSE,\n 'Actions' => [\n ['Malformed Packet',\n 'Description' => 'Use a malformed packet',\n 'Type' => :malformed_packet\n ],\n ['Timing Attack',\n 'Description' => 'Use a timing attack',\n 'Type' => :timing_attack\n ]\n ],\n 'DefaultAction' => 'Malformed Packet'\n ))\n\n register_options(\n [\n Opt::Proxies,\n Opt::RPORT(22),\n OptString.new('USERNAME',\n [false, 'Single username to test (username spray)']),\n OptPath.new('USER_FILE',\n [false, 'File containing usernames, one per line']),\n OptInt.new('THRESHOLD',\n [true,\n 'Amount of seconds needed before a user is considered ' \\\n 'found (timing attack only)', 10]),\n OptBool.new('CHECK_FALSE',\n [false, 'Check for false positives (random username)', false])\n ]\n )\n\n register_advanced_options(\n [\n OptInt.new('RETRY_NUM',\n [true , 'The number of attempts to connect to a SSH server' \\\n ' for each user', 3]),\n OptInt.new('SSH_TIMEOUT',\n [false, 'Specify the maximum time to negotiate a SSH session',\n 10]),\n OptBool.new('SSH_DEBUG',\n [false, 'Enable SSH debugging output (Extreme verbosity!

CVE-2018-15473.

CVE-2018-15473 Detail Modified.