CVE-2015-5600


Severity : LOW
Published : 2015-08-02
Modified : 2016-12-23
Base Score : 8.5
Details : The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
Product/Version : Carrier Grade CGE 7.0  
Carrier Grade CGE 6.0  
Carrier Grade CGE 6.0  
Carrier Grade CGE 4.0  
 
 
 

CVE Vulnerabilities List CVE-2015

CVE-2015-0204 CVE-2015-0209 CVE-2015-0235 CVE-2015-0247
CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289
CVE-2015-0292 CVE-2015-0293 CVE-2015-1421 CVE-2015-1572
CVE-2015-1781 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790
CVE-2015-1791 CVE-2015-1792 CVE-2015-2922 CVE-2015-3195
CVE-2015-3339 CVE-2015-3405 CVE-2015-4000 CVE-2015-4022
CVE-2015-4024 CVE-2015-4047 CVE-2015-4643 CVE-2015-5312
CVE-2015-5477 CVE-2015-5600 CVE-2015-5722 CVE-2015-6563
CVE-2015-6564 CVE-2015-6565 CVE-2015-7497 CVE-2015-7498
CVE-2015-7499 CVE-2015-7500 CVE-2015-7691 CVE-2015-7692
CVE-2015-7701 CVE-2015-7702 CVE-2015-7704 CVE-2015-7852
CVE-2015-7941 CVE-2015-7942 CVE-2015-7981 CVE-2015-8126
CVE-2015-8158 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317
CVE-2015-8325 CVE-2015-8472 CVE-2015-8540 CVE-2015-8665
CVE-2015-8683 CVE-2015-8704 CVE-2015-8777 CVE-2015-8778
CVE-2015-8779 CVE-2015-8784