Headline
CVE-2016-8858
** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that “OpenSSH upstream does not consider this as a security issue.”
=================================================================== RCS file: /cvs/src/usr.bin/ssh/kex.c,v retrieving revision 1.126 retrieving revision 1.127 diff -u -r1.126 -r1.127 — src/usr.bin/ssh/kex.c 2016/09/28 21:44:52 1.126 +++ src/usr.bin/ssh/kex.c 2016/10/10 19:28:48 1.127 @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.126 2016/09/28 21:44:52 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */ /* * Copyright © 2000, 2001 Markus Friedl. All rights reserved. * @@ -461,6 +461,7 @@ if (kex == NULL) return SSH_ERR_INVALID_ARGUMENT; + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); ptr = sshpkt_ptr(ssh, &dlen); if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) return r;
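Review bot: the added `ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);` line in the second hunk (@@ -461,6 +461,7) has no comment, and the visible context does not show where the KEXINIT handler is installed again. Suggest a one-line comment saying that the handler is cleared so that a repeated KEXINIT does not reach the `sshbuf_put(kex->peer, ptr, dlen)` call below a second time within one exchange. Please also confirm that the handler is re-registered once the exchange completes, so that later rekeying still works. Placing the call after the `kex == NULL` check and before the append to `kex->peer` is the right order.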