CVE-2016-6515

Priority
Medium
Description
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3
does not limit password lengths for password authentication, which allows
remote attackers to cause a denial of service (crypt CPU consumption) via a
long string.
Assigned-to
mdeslaur
Package
Upstream: released (1:7.3p1-1)
Ubuntu 17.10 (Artful Aardvark): not-affected (1:7.3p1-1)
Ubuntu 12.04 ESM (Precise Pangolin): released (1:5.9p1-5ubuntu1.10)
Ubuntu 14.04 LTS (Trusty Tahr): released (1:6.6p1-2ubuntu2.8)
Ubuntu 16.04 LTS (Xenial Xerus): released (1:7.2p2-4ubuntu2.1)
Ubuntu 17.04 (Zesty Zapus): not-affected (1:7.3p1-1)
Patches:
Upstream: https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97
Updated: 2017-10-17 19:14:21 UTC (commit 13537)