CVE-2016-6515: openssh: Denial of service via very long passwords

CVE ID

CVE-2016-6515

DESCRIPTION

It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords.

RESOLUTION

  • CentOS6 based Unitrends' appliances (physical and/or virtual), no fix is required.
  • CentOS7 based Unitrends' appliances (physical and/or virtual), fix is in openssh-7.4p1-11.el7 and Unitrends' initial release of CentOS7 was with oepnssh-7.4p1-16.el7.

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us