Executive Summary

Summary
Title: HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities

Information
Name: HPSBUX03188 SSRT101487
First vendor Publication: 2014-11-07
Vendor: HP
Last vendor Modification: 2014-11-07
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Attack Range: Network
Cvss Impact Score: 6.4
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Potential security vulnerabilities have been identified with HP-UX running HP Secure Shell. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c04499681

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
25 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19115
 
Oval ID: oval:org.mitre.oval:def:19115
Title: USN-2014-1 -- openssh vulnerability
Description: OpenSSH could be made to run programs if it received specially crafted network traffic from an authenticated user.
Family: unix Class: patch
Reference(s): USN-2014-1
CVE-2013-4548
Version: 5
Platform(s): Ubuntu 13.10
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22458
 
Oval ID: oval:org.mitre.oval:def:22458
Title: AIX OpenSSH Vulnerability
Description: The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4548
Version: 4
Platform(s): IBM AIX 5.3
IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24391
 
Oval ID: oval:org.mitre.oval:def:24391
Title: USN-2155-1 -- openssh vulnerability
Description: OpenSSH incorrectly handled environment restrictions with wildcards.
Family: unix Class: patch
Reference(s): USN-2155-1
CVE-2014-2532
Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24470
 
Oval ID: oval:org.mitre.oval:def:24470
Title: DSA-2894-1 openssh - security update
Description: Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite.
Family: unix Class: patch
Reference(s): DSA-2894-1
CVE-2014-2532
CVE-2014-2653
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24663
 
Oval ID: oval:org.mitre.oval:def:24663
Title: USN-2164-1 -- openssh vulnerability
Description: A malicious server could bypass OpenSSH SSHFP DNS record checking.
Family: unix Class: patch
Reference(s): USN-2164-1
CVE-2014-2653
Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24888
 
Oval ID: oval:org.mitre.oval:def:24888
Title: AIX OpenSSH Vulnerability
Description: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2532
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24911
 
Oval ID: oval:org.mitre.oval:def:24911
Title: AIX OpenSSH Vulnerability
Description: The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2653
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26117
 
Oval ID: oval:org.mitre.oval:def:26117
Title: SUSE-SU-2014:0818-1 -- Security update for openssh
Description: This update for OpenSSH fixes several issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0818-1
CVE-2014-2532
CVE-2014-2653
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26805
 
Oval ID: oval:org.mitre.oval:def:26805
Title: RHSA-2014:1552: openssh security, bug fix, and enhancement update (Moderate)
Description: OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.
It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. (CVE-2014-2653)
It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions. (CVE-2014-2532)
This update also fixes the following bugs:
* Based on the SP800-131A information security standard, the generation of a digital signature using the Digital Signature Algorithm (DSA) with the key size of 1024 bits and RSA with the key size of less than 2048 bits is disallowed after the year 2013. After this update, ssh-keygen no longer generates keys with less than 2048 bits in FIPS mode. However, the sshd service accepts keys of size 1024 bits as well as larger keys for compatibility reasons. (BZ#993580)
* Previously, the openssh utility incorrectly set the oom_adj value to -17 for all of its children processes. This behavior was incorrect because the children processes were supposed to have this value set to 0. This update applies a patch to fix this bug and oom_adj is now properly set to 0 for all children processes as expected. (BZ#1010429)
* Previously, if the sshd service failed to verify the checksum of an installed FIPS module using the fipscheck library, the information about this failure was only provided at the standard error output of sshd. As a consequence, the user could not notice this message and be uninformed when a system had not been properly configured for FIPS mode. To fix this bug, this behavior has been changed and sshd now sends such messages via the syslog service. (BZ#1020803)
* When keys provided by the pkcs11 library were removed from the ssh agent using the "ssh-add -e" command, the user was prompted to enter a PIN. With this update, a patch has been applied to allow the user to remove the keys provided by pkcs11 without the PIN. (BZ#1042519)
In addition, this update adds the following enhancements:
* With this update, ControlPersist has been added to OpenSSH. The option in conjunction with the ControlMaster configuration directive specifies that the master connection remains open in the background after the initial client connection has been closed. (BZ#953088)
* When the sshd daemon is configured to force the internal SFTP session, and the user attempts to use a connection other than SFTP, the appropriate message is logged to the /var/log/secure file. (BZ#997377)
* Support for Elliptic Curve Cryptography modes for key exchange (ECDH) and host user keys (ECDSA) as specified by RFC5656 has been added to the openssh packages. However, they are not enabled by default and the user has to enable them manually. For more information on how to configure ECDSA and ECDH with OpenSSH, see: https://access.redhat.com/solutions/711953 (BZ#1028335)
All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
Family: unix Class: patch
Reference(s): RHSA-2014:1552-01
CVE-2014-2532
CVE-2014-2653
CESA-2014:1552
Version: 5
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27085
 
Oval ID: oval:org.mitre.oval:def:27085
Title: ELSA-2014-1552 -- openssh security, bug fix, and enhancement update
Description:
[5.3p1-104]
- ignore SIGXFSZ in postauth monitor child (#1133906)
[5.3p1-103]
- don't try to generate DSA keys in the init script in FIPS mode (#1118735)
[5.3p1-102]
- ignore SIGPIPE in ssh-keyscan (#1108836)
[5.3p1-101]
- ssh-add: fix fatal exit when removing card (#1042519)
[5.3p1-100]
- fix race in backported ControlPersist patch (#953088)
[5.3p1-99.2]
- skip requesting smartcard PIN when removing keys from agent (#1042519)
[5.3p1-98]
- add possibility to autocreate only RSA key into initscript (#1111568)
- fix several issues reported by coverity
[5.3p1-97]
- x11 forwarding - be less restrictive when can't bind to one of available addresses (#1027197)
- better fork error detection in audit patch (#1028643)
- fix openssh-5.3p1-x11.patch for non-linux platforms (#1100913)
[5.3p1-96]
- prevent a server from skipping SSHFP lookup (#1081338) CVE-2014-2653
- ignore environment variables with embedded '=' or '\0' characters CVE-2014-2532
- backport ControlPersist option (#953088)
- log when a client requests an interactive session and only sftp is allowed (#997377)
- don't try to load RSA1 host key in FIPS mode (#1009959)
- restore Linux oom_adj setting when handling SIGHUP to maintain behaviour over restart (#1010429)
- ssh-keygen -V - relative-specified certificate expiry time should be relative to current time (#1022459)
[5.3p1-95]
- adjust the key exchange DH groups and ssh-keygen according to SP800-131A (#993580)
- log failed integrity test if /etc/system-fips exists (#1020803)
- backport ECDSA and ECDH support (#1028335)
Family: unix Class: patch
Reference(s): ELSA-2014-1552
CVE-2014-2532
CVE-2014-2653
Version: 6
Platform(s): Oracle Linux 6
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27946
 
Oval ID: oval:org.mitre.oval:def:27946
Title: HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities
Description: The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
Family: unix Class: vulnerability
Reference(s): CVE-2014-1692
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28274
 
Oval ID: oval:org.mitre.oval:def:28274
Title: HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities
Description: The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2653
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28386
 
Oval ID: oval:org.mitre.oval:def:28386
Title: HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities
Description: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2532
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28406
 
Oval ID: oval:org.mitre.oval:def:28406
Title: HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities
Description: The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4548
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 134
Application 1

Nessus® Vulnerability Scanner

Date Description
2016-06-15 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15780.nasl - Type : ACT_GATHER_INFO
2016-03-22 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0038.nasl - Type : ACT_GATHER_INFO
2015-10-05 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_11.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-095.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150305_openssh_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0425.nasl - Type : ACT_GATHER_INFO
2015-03-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0425.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0425.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1552.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141014_openssh_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : A secure shell client on the remote host could be used to bypass host verific...
File : openssh_sshfp_verification_weakness.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-293-01.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1552.nasl - Type : ACT_GATHER_INFO
2014-10-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1552.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-369.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : A clustered file system on the remote host is affected by a memory corruption...
File : ibm_gpfs_isg3T1020637_windows.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote AIX host has a vulnerable version of OpenSSH.
File : aix_openssh_advisory4.nasl - Type : ACT_GATHER_INFO
2014-06-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_openssh-140607.nasl - Type : ACT_GATHER_INFO
2014-06-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_openssh-140606.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-875.nasl - Type : ACT_GATHER_INFO
2014-06-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-6569.nasl - Type : ACT_GATHER_INFO
2014-05-22 Name : The remote Fedora host is missing a security update.
File : fedora_2014-6380.nasl - Type : ACT_GATHER_INFO
2014-05-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201405-06.nasl - Type : ACT_GATHER_INFO
2014-04-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-068.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2164-1.nasl - Type : ACT_GATHER_INFO
2014-04-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2894.nasl - Type : ACT_GATHER_INFO
2014-04-02 Name : The remote AIX host is running a vulnerable version of OpenSSH.
File : aix_openssh_advisory3.nasl - Type : ACT_GATHER_INFO
2014-03-31 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-086-06.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2155-1.nasl - Type : ACT_GATHER_INFO
2014-03-18 Name : The SSH server on the remote host is affected by multiple vulnerabilities.
File : openssh_66.nasl - Type : ACT_GATHER_INFO
2013-11-19 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-322-02.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The SSH server on the remote host is affected by a memory corruption vulnerab...
File : openssh_gcm.nasl - Type : ACT_GATHER_INFO
2013-11-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2014-1.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-11-12 09:23:17
  • First insertion