FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openssh -- sshd -- remote valid user discovery and PAM /bin/login attack

Affected packages
openssh-portable < 7.3.p1,1

Details

VuXML ID adccefd1-7080-11e6-a2cb-c80aa9043978
Discovery 2016-08-01
Entry 2016-09-01

The OpenSSH project reports:

* sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari at verint.com

* sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes. If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh.

References

CVE Name CVE-2015-8325
CVE Name CVE-2016-6210
URL http://www.openssh.com/txt/release-7.3