CVE-2018-15473
Description
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
90.356
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows |
| SUSE-SU-2018:3781-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-6.6p1-36.6.1.i586.rpm | Linux |
| SUSE-SU-2018:3781-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-6.6p1-36.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3781-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-askpass-gnome-6.6p1-36.6.1.i586.rpm | Linux |
| SUSE-SU-2018:3781-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-askpass-gnome-6.6p1-36.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3781-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-fips-6.6p1-36.6.1.i586.rpm | Linux |
| SUSE-SU-2018:3781-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-fips-6.6p1-36.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3781-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-helpers-6.6p1-36.6.1.i586.rpm | Linux |
| SUSE-SU-2018:3781-1(SUSE Linux Enterprise Server 11-SP4 ) openssh-helpers-6.6p1-36.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3910-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-7.2p2-74.30.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3910-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-askpass-gnome-7.2p2-74.30.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3910-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-askpass-gnome-debuginfo-7.2p2-74.30.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3910-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-debuginfo-7.2p2-74.30.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3910-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-debugsource-7.2p2-74.30.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3910-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-helpers-7.2p2-74.30.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3910-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssh-helpers-debuginfo-7.2p2-74.30.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3910-1(SUSE Linux Enterprise Server 12-SP3 ) openssh-fips-7.2p2-74.30.1.x86_64.rpm | Linux |
| Openssh update (ELSA-2019-0711) openssh-5.3p1-124.el6_10.x86_64.rpm | Linux |
| Openssh-askpass update (ELSA-2019-0711) openssh-askpass-5.3p1-124.el6_10.x86_64.rpm | Linux |
| Openssh-clients update (ELSA-2019-0711) openssh-clients-5.3p1-124.el6_10.x86_64.rpm | Linux |
| Openssh-ldap update (ELSA-2019-0711) openssh-ldap-5.3p1-124.el6_10.x86_64.rpm | Linux |
| Openssh-server update (ELSA-2019-0711) openssh-server-5.3p1-124.el6_10.x86_64.rpm | Linux |
| Pam_ssh_agent_auth update (ELSA-2019-0711) pam_ssh_agent_auth-0.9.3-124.el6_10.x86_64.rpm | Linux |
| Openssh update (ELSA-2019-0711) openssh-5.3p1-124.el6_10.i686.rpm | Linux |
| Openssh-askpass update (ELSA-2019-0711) openssh-askpass-5.3p1-124.el6_10.i686.rpm | Linux |
| Openssh-clients update (ELSA-2019-0711) openssh-clients-5.3p1-124.el6_10.i686.rpm | Linux |
| Openssh-ldap update (ELSA-2019-0711) openssh-ldap-5.3p1-124.el6_10.i686.rpm | Linux |
| Openssh-server update (ELSA-2019-0711) openssh-server-5.3p1-124.el6_10.i686.rpm | Linux |
| Pam_ssh_agent_auth update (ELSA-2019-0711) pam_ssh_agent_auth-0.9.3-124.el6_10.i686.rpm | Linux |
| Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability (CVE-2018-15473) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234