CVE编号
CVE-2018-15473利用情况
POC 已公开补丁情况
官方补丁披露时间
2018-08-18漏洞描述
OpenSSH 7.7 之前的版本对认证失败的用户bailout 直到包含请求的包完全被处理之前都未做延迟处理,导致可以进行用户枚举。此问题存在于auth2.-gss.c, auth2-hostbased.c和auth2-pubkey.c文件中。解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
参考链接 |
|
|---|---|
| http://www.openwall.com/lists/oss-security/2018/08/15/5 | |
| http://www.securityfocus.com/bid/105140 | |
| http://www.securitytracker.com/id/1041487 | |
| https://access.redhat.com/errata/RHSA-2019:0711 | |
| https://access.redhat.com/errata/RHSA-2019:2143 | |
| https://bugs.debian.org/906236 | |
| https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 | |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html | |
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011 | |
| https://security.gentoo.org/glsa/201810-03 | |
| https://security.netapp.com/advisory/ntap-20181101-0001/ | |
| https://usn.ubuntu.com/3809-1/ | |
| https://www.debian.org/security/2018/dsa-4280 | |
| https://www.exploit-db.com/exploits/45210/ | |
| https://www.exploit-db.com/exploits/45233/ | |
| https://www.exploit-db.com/exploits/45939/ | |
| https://www.oracle.com/security-alerts/cpujan2020.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | netapp | aff_baseboard_management_controller | - | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | netapp | cloud_backup | - | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | netapp | data_ontap_edge | - | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | netapp | fas_baseboard_management_controller | - | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | netapp | oncommand_unified_manager | * |
From (including) 9.4 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | netapp | ontap_select_deploy | - | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | netapp | service_processor | - | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | netapp | steelstore_cloud_integrated_storage | - | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | netapp | storage_replication_adapter | * |
From (including) 7.2 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | netapp | vasa_provider | * |
From (including) 7.2 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | netapp | virtual_storage_console | * |
From (including) 7.2 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | openbsd | openssh | * |
Up to (including) 7.7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alibaba_cloud_linux_2.1903 | openssh | * |
Up to (excluding) 7.4p1-21.1.al7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.10 | openssh | * |
Up to (excluding) 7.7_p1-r4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.11 | openssh | * |
Up to (excluding) 7.7_p1-r4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | openssh | * |
Up to (excluding) 7.7_p1-r4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | openssh | * |
Up to (excluding) 7.7_p1-r4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.14 | openssh | * |
Up to (excluding) 7.7_p1-r4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.15 | openssh | * |
Up to (excluding) 7.7_p1-r4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.5 | openssh | * |
Up to (excluding) 7.4_p1-r2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.6 | openssh | * |
Up to (excluding) 7.5_p1-r3 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.7 | openssh | * |
Up to (excluding) 7.5_p1-r9 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.8 | openssh | * |
Up to (excluding) 7.7_p1-r3 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.9 | openssh | * |
Up to (excluding) 7.7_p1-r4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | openssh | * |
Up to (excluding) 7.7_p1-r4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | openssh | * |
Up to (excluding) 7.4p1-16.amzn2.0.5 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_AMI | openssh | * |
Up to (excluding) 0.10.3-2.16.71.amzn1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | centos_6 | openssh | * |
Up to (excluding) 5.3p1-124.el6_10 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_8 | openssh | * |
Up to (excluding) 1:6.7p1-5+deb8u6 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | openssh | * |
Up to (excluding) 1:7.4p1-10+deb9u4 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_27 | openssh | * |
Up to (excluding) 7.6p1-6.fc27 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_28 | openssh | * |
Up to (excluding) 7.8p1-1.fc28 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.0 | openssh | * |
Up to (excluding) 7.6p1-lp150.8.3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | openssh | * |
Up to (excluding) 2.5.0-lp152.2.3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.3 | openssh | * |
Up to (excluding) 2.5.0-bp153.2.3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.3 | openssh | * |
Up to (excluding) 7.2p2-25.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_6 | openssh | * |
Up to (excluding) 0.9.3-124.el6_10 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_7 | openssh | * |
Up to (excluding) 7.4p1-21.el7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_11_SP4 | openssh | * |
Up to (excluding) 36.6.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP3 | openssh | * |
Up to (excluding) 74.30.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP4 | openssh | * |
Up to (excluding) 74.30.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_14.04 | openssh | * |
Up to (excluding) 1:6.6p1-2ubuntu2.11 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04 | openssh | * |
Up to (excluding) 1:7.2p2-4ubuntu2.6 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04 | openssh | * |
Up to (excluding) 1:7.6p1-4ubuntu0.1 |
|||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 POC 已公开
- 补丁情况 官方补丁
- 数据保密性 数据泄露
- 数据完整性 传输被破坏
- 服务器危害 无影响
- 全网数量 N/A
还没有评论,来说两句吧...