- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LDE
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
– ————————————————————————-
Debian Security Advisory DSA-3626-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2016 https://www.debian.org/security/faq
– ————————————————————————-
Package : openssh
CVE ID : CVE-2016-6210
Debian Bug : 831902
Eddie Harari reported that the OpenSSH SSH daemon allows user
enumeration through timing differences when trying to authenticate
users. When sshd tries to authenticate a non-existing user, it will pick
up a fixed fake password structure with a hash based on the Blowfish
algorithm. If real users passwords are hashed using SHA256/SHA512, then
a remote attacker can take advantage of this flaw by sending large
passwords, receiving shorter response times from the server for
non-existing users.
For the stable distribution (jessie), this problem has been fixed in
version 1:6.7p1-5+deb8u3.
For the unstable distribution (sid), this problem has been fixed in
version 1:7.2p2-6.
We recommend that you upgrade your openssh packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJXlISdAAoJEAVMuPMTQ89E50EP/2IZzNstrspvhIJzWiJ0XJpA
GHzRSK0tbMZEfolYBwPQ6Z8G7hWeBnP0sQIsCjuSbmasvjdKgOLDL90ffrsPnb2/
hHnP7SOERXHGSXmgB9/7hWQtjtxS9mDw703H9XI73Rb3DF8aVrPYUGvQb8/hIh4F
Cb/TX2rmPTievw+JWAhkwxa5yEwqrl7J2yARtwraeNujoXvOyZpogNcoQ4HkKQtG
X+nktjcs6Y8rETTNJzOAeo9HlPRDnxVaHmjN47DXk2IqpyJWYWEOX/rlvAIRKkFH
M5xtciU3POVnMqE/CYsqJFmlo0QpQI+LYFTjd6gs0bd3TN71SpV+kg36U+ujG5kk
EACgrpWKBnWdUzwYk7Ur2hj95UgXHjQDeZM69WIg9a+OemW9op9ZuYx+umb38+zd
bJnMwjvF5uzQGwyM3Nk91EjZYmxKLlv0CO1MCUBaF5Re7b6Ki2wLUmlMmGDGPRS3
Q8NFeRO9ycpFkkqaVvYkiyrTkPquBaH2MG5HUMOnBwMtg4ksTgHxIGWh975EnLTh
TealNc9LFwG3YHJw+rqTmm/YAVNJgoFR7J4mu3s381TSBhU28ZhtR9EJq5wls9gd
Ughr9rcdp0pv4RNugkWx7IxsB+tt3DXHR6fR1urCg1vu7Sc4tXGTGc+0zl9MVIe6
JAuXfU6yrbxD4t4dBq9D
=0fAi
—–END PGP SIGNATURE—–
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2016-07-0105-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
