Wind River Support Network

HomeDefectsLIN5-22081
Fixed

LIN5-22081 : Security Advisory - openssh - CVE-2016-8858

Created: Nov 2, 2016    Updated: May 29, 2018
Resolved Date: Nov 10, 2016
Found In Version: 5.0.1.37
Fix Version: 5.0.1.38
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

A memory exhaustion issue in OpenSSH that can be triggered before user authentication was found. An unauthenticated attacker could consume approx. 400 MB of memory per each connection. The attacker could set up multiple such connections to run out of server’s memory. 

Source: https://bugzilla.redhat.com/show_bug.cgi?id=1384860#c5

It is stated that "Affected versions: openssh-6.8p1, openssh-6.9p1, openssh-7.0p1, openssh-7.1p1, openssh-7.2p1, openssh-7.3p1. " but it could affect openssh 6.0 code from wrl5.

Upstream patch: https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8858

Steps to Reproduce

-

Other Downloads


Live chat
Online