SB2021091616 - Multiple vulnerabilities in Siemens SCALANCE X-200 and X-300/X408 Switches

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Consuming excessive CPU resources on the target system (CVE-ID: CVE-2016-6515)

The vulnerability allows a remote attacker to consume excessive CPU resources on the target system.

The vulnerability exists in the crypt(3) function, which accepts passwords longer that 1024 characters in auth_password() function in the auth_passwd.c . A remote unauthenticated attacker can submit a very long string as a password and consume excessive CPU resources.

Successful exploitation of this vulnerability may result in denial of service.

2) Information disclosure (CVE-ID: CVE-2016-10011)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in authfile.c, which may allow a local authenticated user to obtain host private key material.

Successful exploitation of this vulnerability may allow a local user to gain access to otherwise restricted information.

3) Null pointer dereference (CVE-ID: CVE-2016-10708)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper processing of out-of-sequence NEWKEYS messages, as defined in the kex.c and packet.c source code files. A remote attacker can send an out-of-sequence NEWKEYS message, trigger a NULL pointer dereference condition and cause the sshd daemon to crash.

Remediation

Install update from vendor's website.

References

• https://cert-portal.siemens.com/productcert/txt/ssa-676336.txt