Oracle Linux: CVE-2018-15473: ELSA-2019-2143: openssh security, bug fix, and enhancement update (LOW) (Multiple Advisories)
Description
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. A user enumeration vulnerability flaw was found in OpenSSH, though version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. The highest threat from this vulnerability is to data confidentiality.
Solution(s)
- oracle-linux-upgrade-openssh
- oracle-linux-upgrade-openssh-askpass
- oracle-linux-upgrade-openssh-cavs
- oracle-linux-upgrade-openssh-clients
- oracle-linux-upgrade-openssh-keycat
- oracle-linux-upgrade-openssh-ldap
- oracle-linux-upgrade-openssh-server
- oracle-linux-upgrade-openssh-server-sysvinit
- oracle-linux-upgrade-pam-ssh-agent-auth
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center