svn commit: r425152 - head/security/vuxml

Mark Felder feld at FreeBSD.org
Wed Nov 2 13:26:35 UTC 2016 

Author: feld
Date: Wed Nov  2 13:26:33 2016
New Revision: 425152
URL: https://svnweb.freebsd.org/changeset/ports/425152

Log:
  Update openssh vuxml entry to add FreeBSD SA information
  
  Security:	CVE-2016-8858
  Security:	SA-16:33.openssh

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Nov  2 13:19:27 2016	(r425151)
+++ head/security/vuxml/vuln.xml	Wed Nov  2 13:26:33 2016	(r425152)
@@ -436,32 +436,40 @@ fuzzing and other initiatives.</li>
   </vuln>
 
   <vuln vid="6a2cfcdc-9dea-11e6-a298-14dae9d210b8">
-    <topic>openssh -- denial of service</topic>
+    <topic>FreeBSD -- OpenSSH Remote Denial of Service vulnerability</topic>
     <affects>
       <package>
 	<name>openssh-portable</name>
 	<range><lt>7.3p1_1</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>11.0</ge><lt>11.0_3</lt></range>
+	<range><ge>10.3</ge><lt>10.3_12</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
-	<p> reports:</p>
-	<blockquote cite="http://seclists.org/oss-sec/2016/q4/191">
-	  <p>OpenSSH has a memory exhaustion bug in key exchange
-	    process. An unauthenticated peer could repeat the KEXINIT
-	    and cause allocation of up to 384MB(not 128MB that the official
-	    said). In the default case, an attacker can build 100 such
-	    connections, which will consume 38400 MB of memory on the server.</p>
-	</blockquote>
+	<h1>Problem Description:</h1>
+	<p>When processing the SSH_MSG_KEXINIT message, the server
+	could allocate up to a few hundreds of megabytes of memory
+	per each connection, before any authentication take place.</p>
+	<h1>Impact:</h1>
+	<p>A remote attacker may be able to cause a SSH server to
+	allocate an excessive amount of memory. Note that the default
+	MaxStartups setting on FreeBSD will limit the effectiveness
+	of this attack.</p>
       </body>
     </description>
     <references>
       <url>http://seclists.org/oss-sec/2016/q4/191</url>
       <cvename>CVE-2016-8858</cvename>
+      <freebsdsa>SA-16:33.openssh</freebsdsa>
     </references>
     <dates>
       <discovery>2016-10-19</discovery>
       <entry>2016-10-29</entry>
+      <modified>2016-11-02</modified>
     </dates>
   </vuln>

More information about the svn-ports-all mailing list