A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
Se encontró una vulnerabilidad en OpenSSH cuando la opción VerifyHostKeyDNS está habilitada. Un ataque de máquina en el medio puede ser realizado mediante una máquina maliciosa que se hace pasar por un servidor legítimo. Este problema ocurre debido a cómo los códigos de error de OpenSSH Mishandles en condiciones específicas al verificar la clave del host. Para que un ataque se considere exitoso, el atacante debe lograr agotar el recurso de memoria del cliente primero, lo que gira la complejidad del ataque.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-390
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| openbsd | openssh | * | <built-in method update of dict object at 0x702ba6eda180> | Application |
| openbsd | openssh | 6.8 | <built-in method update of dict object at 0x702bde165040> | Application |
| openbsd | openssh | 9.9 | <built-in method update of dict object at 0x702b80d181c0> | Application |
| openbsd | openssh | 9.9 | <built-in method update of dict object at 0x702ba6ed99c0> | Application |
| netapp | active_iq_unified_manager | - | <built-in method update of dict object at 0x702ba6eda4c0> | Application |
| netapp | ontap | 9 | <built-in method update of dict object at 0x702ba6ed9fc0> | Application |
| redhat | openshift_container_platform | 4.0 | <built-in method update of dict object at 0x702b80d1b500> | Application |
| debian | debian_linux | 11.0 | <built-in method update of dict object at 0x702bdd7d4400> | Operating System |
| debian | debian_linux | 12.0 | <built-in method update of dict object at 0x702b80d1af40> | Operating System |
| redhat | enterprise_linux | 9.0 | <built-in method update of dict object at 0x702ba6edbd80> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openbsd:openssh:9.9:p1:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |