Oracle Linux: CVE-2016-6515: ELSA-2017-2029: openssh security, bug fix, and enhancement update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jul 21, 2016 | Aug 8, 2017 | Dec 3, 2025 |
Description
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords.
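The flaw class described above, as an added example that is not OpenSSH's code: a password check whose hashing cost grows with input length, beside a version that rejects over-long input before hashing. `toy_hash`, `check_unbounded`, `check_bounded`, `cost_of` and the 1024-byte cap are assumptions made for this sketch; `toy_hash` is a linear-cost stand-in for crypt(3), not a real password hash.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PASSWORD_LEN 1024     /* assumed cap, chosen for this example */
static unsigned long work_units;  /* bytes fed to the hash so far */

/* Toy stand-in for crypt(3): cost is linear in input length. */
static unsigned long toy_hash(const char *s)
{
    unsigned long h = 5381;
    for (; *s != '\0'; s++, work_units++)
        h = h * 33 + (unsigned char)*s;
    return h;
}

/* Unbounded: the whole client-supplied string reaches the hash. */
int check_unbounded(const char *pw, unsigned long stored)
{
    return toy_hash(pw) == stored;
}

/* Bounded: scan at most MAX_PASSWORD_LEN + 1 bytes, reject before hashing. */
int check_bounded(const char *pw, unsigned long stored)
{
    size_t n = 0;
    while (pw[n] != '\0')
        if (++n > MAX_PASSWORD_LEN)
            return 0;
    return toy_hash(pw) == stored;
}

/* Hash work spent on one constructed password of len 'A' bytes. */
unsigned long cost_of(int (*check)(const char *, unsigned long), size_t len)
{
    char *pw = calloc(len + 1, 1);
    if (pw == NULL)
        return 0;
    memset(pw, 'A', len);
    work_units = 0;
    (void)check(pw, 0UL);
    free(pw);
    return work_units;
}

int main(void)
{
    printf("%lu %lu\n", cost_of(check_unbounded, 100000), cost_of(check_bounded, 100000));
    return 0;
}
```

The bounded check spends no hash work on a 100000-byte input, while the unbounded one hashes every byte of it.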
Solutions
- oracle-linux-upgrade-openssh
- oracle-linux-upgrade-openssh-askpass
- oracle-linux-upgrade-openssh-cavs
- oracle-linux-upgrade-openssh-clients
- oracle-linux-upgrade-openssh-keycat
- oracle-linux-upgrade-openssh-ldap
- oracle-linux-upgrade-openssh-server
- oracle-linux-upgrade-openssh-server-sysvinit
- oracle-linux-upgrade-pam-ssh-agent-auth