SB2018082223 - User enumeration in openssh (Alpine package)
Published: August 22, 2018 Updated: March 9, 2023
Description
This security bulletin contains information about 1 security vulnerability.
1) User enumeration (CVE-ID: CVE-2018-15473)
The vulnerability allows a remote attacker to enumerate all accounts on the system.
The vulnerability exists due to a logical error in the auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c files when processing authentication requests. A remote attacker can send a specially crafted chain of packets and monitor the behavior of the OpenSSH server to determine the presence of a valid username. The server drops the connection upon receiving a malformed authentication packet if the username is valid.
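The following toy model is an added example, not OpenSSH or Alpine code: it reproduces the shape of the logic error (the request handler bails out for an unknown user before the rest of the request is parsed) beside the hardened ordering that the upstream fix used, and includes a regression check a defender can run to confirm that valid and unknown usernames produce the same observable outcome. The account list, request encoding and function names are all constructed for the model.

```python
# Toy model of the CVE-2018-15473 logic error (added example, not OpenSSH code):
# the real handlers bailed out for an unknown user before parsing the rest of the
# request, so a malformed request dropped the connection only for valid users.

VALID_USERS = {"root", "alice"}  # constructed account list for the model

# Constructed request bodies: a 1-byte flag, then a 4-byte length-prefixed string.
WELL_FORMED = b"\x00" + b"\x00\x00\x00\x03" + b"rsa"
MALFORMED = b"\x01" + b"\x00\x00\x00\x20"  # declares 32 bytes, carries none

class Disconnect(Exception):
    """Models sshd's fatal() on a malformed packet: the connection is dropped."""

def parse_request(payload: bytes) -> str:
    """Parse the constructed request body; raise Disconnect on truncation."""
    if len(payload) < 5:
        raise Disconnect("truncated request")
    length = int.from_bytes(payload[1:5], "big")
    name = payload[5:5 + length]
    if len(name) != length:
        raise Disconnect("incomplete string")
    return name.decode("ascii", "replace")

def vulnerable_handler(username: str, payload: bytes) -> str:
    # Bails out before parsing when the user is unknown, so a malformed
    # payload is only noticed (and the connection dropped) for real users.
    if username not in VALID_USERS:
        return "failure"
    parse_request(payload)  # may raise Disconnect
    return "failure"        # credential check omitted from the model

def hardened_handler(username: str, payload: bytes) -> str:
    # Parse the whole request first, then consult the account database, as the
    # fix does: malformed payloads now behave the same for every username.
    parse_request(payload)
    if username not in VALID_USERS:
        return "failure"
    return "failure"        # credential check omitted from the model

def response_to(handler, username: str, payload: bytes) -> str:
    """Observable outcome: an auth failure message or a dropped connection."""
    try:
        return handler(username, payload)
    except Disconnect:
        return "disconnect"

def leaks_user_existence(handler, payload: bytes) -> bool:
    """Regression check: do a valid and an unknown user get different outcomes?"""
    return response_to(handler, "root", payload) != response_to(handler, "nouser", payload)
```

With a well-formed request both handlers answer "failure" for every username; only the malformed request separates the vulnerable ordering (disconnect for valid users, failure for unknown ones) from the hardened ordering (disconnect for both).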
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=9730fd967a164b246d18cab2dede31af43c83f08
- https://git.alpinelinux.org/aports/commit/?id=41b4f2fefdc60865e8d4d1e5f7417a93cbf988dd
- https://git.alpinelinux.org/aports/commit/?id=6f341976a29e48fc6107edef77a62ff7e0614163
- https://git.alpinelinux.org/aports/commit/?id=806a3280dc6fc93291a3c957eaac3e8a7981e36b
- https://git.alpinelinux.org/aports/commit/?id=adb2a2ada250b5756ac84b9f8ccbef204cc545f4
- https://git.alpinelinux.org/aports/commit/?id=c314d18b4e1c932d8670c49f265f919242b7a17b
- https://git.alpinelinux.org/aports/commit/?id=db649bc3a2755f56372cc2abae87e42e5285e44f