BID:105140

OpenSSH CVE-2018-15473 User Enumeration Vulnerability

CVE-2018-15473 |

Info

OpenSSH CVE-2018-15473 User Enumeration Vulnerability

Bugtraq ID:	105140
Class:	Access Validation Error
CVE:	CVE-2018-15473
Remote:	Yes
Local:	No
Published:	Aug 16 2018 12:00AM
Updated:	Apr 19 2019 07:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Redhat Enterprise Linux 7 Redhat Enterprise Linux 6 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Redhat Enterprise Linux 5 Oracle Linux 3.4 Oracle Linux 3.3 OpenBSD OpenSSH 6.0 OpenBSD OpenSSH 3.8.1 p1 OpenBSD OpenSSH 3.0.2 p1 OpenBSD OpenSSH 3.0.2 OpenBSD OpenSSH 3.0.1 p1 + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2 + Trustix Secure Linux 1.1 OpenBSD OpenSSH 3.0.1 + FreeBSD FreeBSD 4.4 + FreeBSD FreeBSD 4.3 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - OpenBSD OpenBSD 2.6 OpenBSD OpenSSH 3.0 p1 OpenBSD OpenSSH 3.0 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - OpenBSD OpenBSD 2.6 OpenBSD OpenSSH 2.9 p2 - Caldera OpenLinux Server 3.1 - Caldera OpenLinux Server 3.1 - Caldera OpenLinux Workstation 3.1 - Caldera OpenLinux Workstation 3.1 + HP Secure OS software for Linux 1.0 + HP Secure OS software for Linux 1.0 + Redhat Linux 7.2 i386 + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Redhat Linux 7.1 alpha + Redhat Linux 7.0 i386 + Redhat Linux 7.0 i386 + Redhat Linux 7.0 alpha + Redhat Linux 7.0 alpha OpenBSD OpenSSH 2.9 p1 - Caldera OpenLinux 2.4 - Debian Linux 2.2 - HP HP-UX 11.11 - IBM AIX 4.3.3 - MandrakeSoft Corporate Server 1.0.1 - MandrakeSoft Single Network Firewall 7.2 - Mandriva Linux Mandrake 8.1 ia64 - Mandriva Linux Mandrake 8.1 - Mandriva Linux Mandrake 8.0 ppc - Mandriva Linux Mandrake 8.0 - Mandriva Linux Mandrake 7.2 - Mandriva Linux Mandrake 7.1 - Redhat Linux 7.1 - Redhat Linux 7.0 - Redhat Linux 6.2 - SCO eDesktop 2.4 - SCO eServer 2.3.1 - SGI IRIX 6.5.9 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 - SuSE Linux 7.1 - SuSE Linux 7.0 OpenBSD OpenSSH 2.9 + FreeBSD FreeBSD 4.4 + OpenBSD OpenBSD 2.9 OpenBSD OpenSSH 2.5.2 p2 + Redhat Linux 7.0 OpenBSD OpenSSH 2.5.2 OpenBSD OpenSSH 2.3.1 p1 OpenBSD OpenSSH 2.3.1 OpenBSD OpenSSH 2.2 .x + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 + FreeBSD FreeBSD 5.0 + FreeBSD FreeBSD 4.2 + FreeBSD FreeBSD 4.1.1 + HP HP-UX 11.11 + Mandriva Linux Mandrake 7.2 + Mandriva Linux Mandrake 7.1 + Mandriva Linux Mandrake 7.0 + NetBSD NetBSD 1.4.2 + OpenBSD OpenBSD 2.8 + OpenBSD OpenBSD 2.7 + Redhat Linux 7.0 + Sun Solaris 8_sparc + SuSE Linux 7.0 + Trustix Trustix Secure Linux 1.1 + Trustix Trustix Secure Linux 1.0 OpenBSD OpenSSH 2.2 .0 OpenBSD OpenSSH 2.1.1 p1 OpenBSD OpenSSH 2.1.1 OpenBSD OpenSSH 2.1 .x OpenBSD OpenSSH 2.1 OpenBSD OpenSSH 1.2.3 OpenBSD OpenSSH 1.2 OpenBSD OpenSSH 7.7 OpenBSD OpenSSH 6.6 OpenBSD OpenSSH 6.5 OpenBSD OpenSSH 6.4 OpenBSD OpenSSH 6.3 OpenBSD OpenSSH 6.1 OpenBSD OpenSSH 5.9 OpenBSD OpenSSH 5.8P2 OpenBSD OpenSSH 5.8 OpenBSD OpenSSH 5.7 OpenBSD OpenSSH 5.6 OpenBSD OpenSSH 5.5 OpenBSD OpenSSH 5.4 OpenBSD OpenSSH 5.2 OpenBSD OpenSSH 5.1 OpenBSD OpenSSH 5.0 OpenBSD OpenSSH 4.9 OpenBSD OpenSSH 4.8 OpenBSD OpenSSH 4.7P1 OpenBSD OpenSSH 4.7 OpenBSD OpenSSH 4.6 OpenBSD OpenSSH 4.4 OpenBSD OpenSSH 4.3p1 OpenBSD OpenSSH 4.3 OpenBSD OpenSSH 4.2p1 OpenBSD OpenSSH 4.2 OpenBSD OpenSSH 4.1 OpenBSD OpenSSH 4.0 OpenBSD OpenSSH 3.9 p1 McAfee Data Exchange Layer 4.1.2 McAfee Data Exchange Layer 4.1 McAfee Data Exchange Layer 4.0 IBM Vios 2.2.3 IBM Vios 2.2.1 4 IBM Vios 2.2 IBM Vios 2.2.4.0 IBM Vios 2.2.3.4 IBM Vios 2.2.3.3 IBM Vios 2.2.3.2 IBM Vios 2.2.3.0 IBM Vios 2.2.2.6 IBM Vios 2.2.2.5 IBM Vios 2.2.2.4 IBM Vios 2.2.2.0 IBM Vios 2.2.1.9 IBM Vios 2.2.1.8 IBM Vios 2.2.1.3 IBM Vios 2.2.1.1 IBM Vios 2.2.1.0 IBM Vios 2.2.0.13 IBM Vios 2.2.0.12 IBM Vios 2.2.0.11 IBM Vios 2.2.0.10 IBM Aix 7.2 IBM Aix 7.1.4 IBM Aix 7.1.3 IBM AIX 7.1.2 IBM AIX 7.1.1 IBM AIX 7.1 6 IBM AIX 7.1 IBM Aix 6.1.9 IBM AIX 6.1.8 IBM AIX 6.1.7 5 IBM AIX 6.1.7 IBM AIX 6.1.6 8 IBM AIX 6.1.6 IBM AIX 6.1.5 IBM AIX 6.1.4 IBM AIX 6.1.3 IBM AIX 6.1.2 IBM AIX 6.1.1 IBM AIX 5.3.12 6 IBM AIX 5.3.10 IBM AIX 5.3.9 IBM AIX 5.3.8 IBM AIX 5.3.7 IBM AIX 5.3 L IBM Aix 7.2.0.1 IBM Aix 7.2 IBM Aix 7.1.4.1 IBM Aix 7.1.3.5 IBM Aix 7.1.2.6 IBM AIX 7.1.2.15 IBM AIX 7.1.1.5 IBM AIX 7.1.1.16 IBM AIX 7.1 IBM Aix 6.1.9.6 IBM Aix 6.1.9.5 IBM Aix 6.1.8.7 IBM Aix 6.1.8.6 IBM Aix 6.1.8.5 IBM AIX 6.1.8.15 IBM AIX 6.1.7.16 IBM Aix 5.3.12.9 IBM AIX 5.3.12 IBM AIX 5.3.11 IBM AIX 5.3

Not Vulnerable:	McAfee Data Exchange Layer 4.1.2 Hotfix 1

Discussion

OpenSSH CVE-2018-15473 User Enumeration Vulnerability

OpenSSH is prone to a user-enumeration vulnerability.

An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks.

OpenSSH through 7.7 are vulnerable; other versions may also be affected.

Exploit / POC

OpenSSH CVE-2018-15473 User Enumeration Vulnerability

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Solution / Fix

OpenSSH CVE-2018-15473 User Enumeration Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

OpenSSH CVE-2018-15473 User Enumeration Vulnerability

References:

delay bailout for invalid authenticating user until after the packet (openbsd)
CVE-2018-15473-Exploit (Rhynorater)
OpenSSH Homepage (OpenSSH)
Bug 1619063 - (CVE-2018-15473) CVE-2018-15473 openssh: User enumeration via mal (Redhat)
CVE-2018-15473 (Redhat)
Oracle VM Server for x86 Bulletin - April 2019 (Oracle)
SB10266 Data Exchange Layer update fixes three vulnerabilities (McAfee)
Vulnerability in OpenSSH affects AIX. (IBM)