Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-8858

** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

Related bugs and status

CVE-2016-8858 (Candidate) is related to these bugs:

Bug #1732172: [CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04

Summary				In	Importance	Status
	1732172	[CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04		openssh (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016101...
MLIST: [oss-security] 2016102...
MISC: https://bugzilla.redha...
MISC: https://ftp.openbsd.or...
MISC: https://github.com/ope...
BID: 93776
MISC: http://cvsweb.openbsd....
MISC: http://cvsweb.openbsd....
GENTOO: GLSA-201612-18
SECTRACK: 1037057
FREEBSD: FreeBSD-SA-16:33
CONFIRM: https://security.netap...
CONFIRM: https://cert-portal.si...