Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2015:1581-1)
Summary:The remote host is missing an update for the 'openssh' package(s) announced via the SUSE-SU-2015:1581-1 advisory.
The remote host is missing an update for the 'openssh' package(s) announced via the SUSE-SU-2015:1581-1 advisory.

Vulnerability Insight:
openssh was updated to fix several security issues and bugs.
These security issues were fixed:
* CVE-2015-5352: The x11_open_helper function in channels.c in ssh in
OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the
refusal deadline for X connections, which made it easier for remote
attackers to bypass intended access restrictions via a connection outside
of the permitted time window (bsc#936695).
* CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd
in OpenSSH did not properly restrict the processing of
keyboard-interactive devices within a single connection, which made it
easier for remote attackers to conduct brute-force attacks or cause a
denial of service (CPU consumption) via a long and duplicative list in
the ssh -oKbdInteractiveDevices option, as demonstrated by a modified
client that provides a different password for each pam element on this
list (bsc#938746).
* CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM
* Hardening patch to fix sftp RCE (bsc#903649).
* CVE-2015-6563: The monitor component in sshd in OpenSSH accepted
extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which
allowed local users to conduct impersonation attacks by leveraging any
SSH login access in conjunction with control of the sshd uid to send a
crafted MONITOR_REQ_PWNAM request, related to monitor.c and
* CVE-2015-6564: Use-after-free vulnerability in the
mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might
have allowed local users to gain privileges by leveraging control of the
sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
These non-security issues were fixed:
- bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential
for oom_killer.
- bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to
WebSphere mqm user.
- bsc#916549: Fixed support for

Affected Software/OS:
'openssh' package(s) on SUSE Linux Enterprise Server for VMWare 11-SP3, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-4000
BugTraq ID: 74733
BugTraq ID: 91787
Debian Security Information: DSA-3287 (Google Search)
Debian Security Information: DSA-3300 (Google Search)
Debian Security Information: DSA-3316 (Google Search)
Debian Security Information: DSA-3324 (Google Search)
Debian Security Information: DSA-3339 (Google Search)
Debian Security Information: DSA-3688 (Google Search)
HPdes Security Advisory: HPSBGN03351
HPdes Security Advisory: HPSBGN03361
HPdes Security Advisory: HPSBGN03362
HPdes Security Advisory: HPSBGN03373
HPdes Security Advisory: HPSBGN03399
HPdes Security Advisory: HPSBGN03402
HPdes Security Advisory: HPSBGN03404
HPdes Security Advisory: HPSBGN03405
HPdes Security Advisory: HPSBGN03407
HPdes Security Advisory: HPSBGN03411
HPdes Security Advisory: HPSBGN03533
HPdes Security Advisory: HPSBMU03345
HPdes Security Advisory: HPSBMU03356
HPdes Security Advisory: HPSBMU03401
HPdes Security Advisory: HPSBUX03363
HPdes Security Advisory: HPSBUX03388
HPdes Security Advisory: HPSBUX03512
HPdes Security Advisory: SSRT102112
HPdes Security Advisory: SSRT102180
HPdes Security Advisory: SSRT102254
NETBSD Security Advisory: NetBSD-SA2015-008
RedHat Security Advisories: RHSA-2015:1072
RedHat Security Advisories: RHSA-2015:1185
RedHat Security Advisories: RHSA-2015:1197
RedHat Security Advisories: RHSA-2015:1228
RedHat Security Advisories: RHSA-2015:1229
RedHat Security Advisories: RHSA-2015:1230
RedHat Security Advisories: RHSA-2015:1241
RedHat Security Advisories: RHSA-2015:1242
RedHat Security Advisories: RHSA-2015:1243
RedHat Security Advisories: RHSA-2015:1485
RedHat Security Advisories: RHSA-2015:1486
RedHat Security Advisories: RHSA-2015:1488
RedHat Security Advisories: RHSA-2015:1526
RedHat Security Advisories: RHSA-2015:1544
RedHat Security Advisories: RHSA-2015:1604
RedHat Security Advisories: RHSA-2016:1624
RedHat Security Advisories: RHSA-2016:2056
SuSE Security Announcement: SUSE-SU-2015:1143 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1150 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1177 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1181 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1182 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1183 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1184 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1185 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1268 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1269 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1319 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1320 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1449 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1581 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1663 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:0224 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:0262 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1139 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1209 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1229 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1277 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1288 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1289 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1684 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:0226 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:0255 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:0261 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:0478 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:0483 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2015-5352
BugTraq ID: 75525
RedHat Security Advisories: RHSA-2016:0741
Common Vulnerability Exposure (CVE) ID: CVE-2015-5600
BugTraq ID: 75990
BugTraq ID: 92012
RedHat Security Advisories: RHSA-2016:0466
Common Vulnerability Exposure (CVE) ID: CVE-2015-6563
BugTraq ID: 76317
Common Vulnerability Exposure (CVE) ID: CVE-2015-6564
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.