Denial of service with OpenSSH

Advisory ID | CVE Number | Date discovered | Severity | Advisory revision
STORM-2020-013 | CVE-2016-8858 | 07/15/2020 | medium | v1

Vulnerability details

The version of OpenSSH used on SNS 3.X is affected by a denial-of-service (DoS) vulnerability.

Impacted products

Products | Severity | Detail
Stormshield Network Security | medium | SNS 3.X is impacted

Revisions

Version | Date | Description
v1 | 07/15/2020 | Initial release

 



Stormshield Network Security

CVSS v2 Overall Score: 4.1      

Analysis

A remote attacker may cause a target OpenSSH server to allocate an excessive amount of memory (up to 384 MB per connection) as a result of processing numerous KEXINIT requests, which are normally made during the SSH protocol key negotiation process.

To exploit the vulnerability, SSH must be enabled on the firewall (SSH is disabled by default) and it must be accessible.

Impacted version

  • SNS 3.0 to 3.11.0

Workaround solution

Limit the SSH remote access to administrators only, or disable it.

Solution

Versions 3.7.13 and 3.11.1 fix this vulnerability.



Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact
Network | Medium | None | None | None | Partial
CVSS Base score: 4.3 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability | Remediation Level | Report Confidence
Functional exploit exists | Official fix | Confirmed
CVSS Temporal score: 3.6 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)

Collateral Damage Potential | Target Distribution
Low-Medium | Medium [26-75%]
CVSS Environmental score: 4.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C/CDP:LM/TD:M/CR:ND/IR:ND/AR:ND)