vuln-list-alt/oval/c9f2/ALT-PU-2016-1200/definitions.json
2024-06-28 13:17:52 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20161200",
"Version": "oval:org.altlinux.errata:def:20161200",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2016-1200: package `openssh` update to version 7.2p1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2016-1200",
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-1200",
"Source": "ALTPU"
},
{
"RefID": "BDU:2016-00407",
"RefURL": "https://bdu.fstec.ru/vul/2016-00407",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00819",
"RefURL": "https://bdu.fstec.ru/vul/2016-00819",
"Source": "BDU"
},
{
"RefID": "BDU:2016-02237",
"RefURL": "https://bdu.fstec.ru/vul/2016-02237",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01263",
"RefURL": "https://bdu.fstec.ru/vul/2017-01263",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00117",
"RefURL": "https://bdu.fstec.ru/vul/2018-00117",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01913",
"RefURL": "https://bdu.fstec.ru/vul/2019-01913",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01914",
"RefURL": "https://bdu.fstec.ru/vul/2019-01914",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07416",
"RefURL": "https://bdu.fstec.ru/vul/2022-07416",
"Source": "BDU"
},
{
"RefID": "CVE-2015-8325",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-8325",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0777",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0777",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0778",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0778",
"Source": "CVE"
},
{
"RefID": "CVE-2016-1907",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-1907",
"Source": "CVE"
},
{
"RefID": "CVE-2016-1908",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-1908",
"Source": "CVE"
},
{
"RefID": "CVE-2016-3115",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-3115",
"Source": "CVE"
},
{
"RefID": "CVE-2016-6210",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-6210",
"Source": "CVE"
},
{
"RefID": "CVE-2016-6515",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-6515",
"Source": "CVE"
}
],
"Description": "This update upgrades openssh to version 7.2p1-alt1. \nSecurity Fix(es):\n\n * BDU:2016-00407: Уязвимость средства криптографической защиты OpenSSH, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2016-00819: Уязвимости средства криптографической защиты OpenSSH, позволяющие нарушителю обойти ограничения интерпретатора команд\n\n * BDU:2016-02237: Уязвимость сетевого протокола ssh, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2017-01263: Уязвимость клиента средства криптографической защиты OpenSSH, позволяющая нарушителю получить доверенные права при взаимодействии с X11-сервером\n\n * BDU:2018-00117: Уязвимость функции auth_password службы sshd средства криптографической защиты OpenSSH, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01913: Уязвимость функции resend_bytes средства криптографической защиты OpenSSH, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2019-01914: Уязвимость функций roaming_read и roaming_write средства криптографической защиты OpenSSH, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-07416: Уязвимость функции do_setup_env (session.c) службы sshd средства криптографической защиты OpenSSH, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2015-8325: The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.\n\n * CVE-2016-0777: The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.\n\n * CVE-2016-0778: The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.\n\n * CVE-2016-1907: The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.\n\n * CVE-2016-1908: The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.\n\n * CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.\n\n * CVE-2016-6210: sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.\n\n * CVE-2016-6515: The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2016-03-09"
},
"Updated": {
"Date": "2016-03-09"
},
"BDUs": [
{
"ID": "BDU:2016-00407",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2016-00407",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "BDU:2016-00819",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"CWE": "CWE-93",
"Href": "https://bdu.fstec.ru/vul/2016-00819",
"Impact": "Low",
"Public": "20160322"
},
{
"ID": "BDU:2016-02237",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2016-02237",
"Impact": "Low",
"Public": "20160718"
},
{
"ID": "BDU:2017-01263",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-254",
"Href": "https://bdu.fstec.ru/vul/2017-01263",
"Impact": "High",
"Public": "20170411"
},
{
"ID": "BDU:2018-00117",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2018-00117",
"Impact": "High",
"Public": "20160721"
},
{
"ID": "BDU:2019-01913",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2019-01913",
"Impact": "Low",
"Public": "20160114"
},
{
"ID": "BDU:2019-01914",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-01914",
"Impact": "High",
"Public": "20160114"
},
{
"ID": "BDU:2022-07416",
"CVSS": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2022-07416",
"Impact": "High",
"Public": "20160430"
}
],
"CVEs": [
{
"ID": "CVE-2015-8325",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-8325",
"Impact": "High",
"Public": "20160501"
},
{
"ID": "CVE-2016-0777",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0777",
"Impact": "Low",
"Public": "20160114"
},
{
"ID": "CVE-2016-0778",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0778",
"Impact": "High",
"Public": "20160114"
},
{
"ID": "CVE-2016-1907",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-1907",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "CVE-2016-1908",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-287",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-1908",
"Impact": "Critical",
"Public": "20170411"
},
{
"ID": "CVE-2016-3115",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-3115",
"Impact": "Low",
"Public": "20160322"
},
{
"ID": "CVE-2016-6210",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-6210",
"Impact": "Low",
"Public": "20170213"
},
{
"ID": "CVE-2016-6515",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-6515",
"Impact": "High",
"Public": "20160807"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20161200001",
"Comment": "openssh is earlier than 0:7.2p1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161200002",
"Comment": "openssh-askpass-common is earlier than 0:7.2p1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161200003",
"Comment": "openssh-clients is earlier than 0:7.2p1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161200004",
"Comment": "openssh-common is earlier than 0:7.2p1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161200005",
"Comment": "openssh-keysign is earlier than 0:7.2p1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161200006",
"Comment": "openssh-server is earlier than 0:7.2p1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161200007",
"Comment": "openssh-server-control is earlier than 0:7.2p1-alt1"
}
]
}
]
}
}
]
}