[Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability
Vital Koshalew
vkoshalew at voxdata.com
Tue Apr 9 13:06:05 UTC 2019
@seth-arnold,
You are talking about a different type of vulnerability scanning that is
not part of the Qualys service in question (External vulnerability scan,
"black box" scan methodology). PCI DSS also mandates regular internal
scans and penetration tests. Qualys, as well as other vendors provides
such services.
As for determining package version directly vs. by version banner, I
don't see any difference *in this case* as by default full ubuntu-
specific package version is displayed in SSH version banner and Qualys
requires users not to interfere with the scanning.
The issue that @root(mysky) has stems from the fact that Qualys is
usually very fast when including a vulnerable product in their detector
but sometimes slow to exclude fixed versions as in this case. This isn't
a big deal as they have False Positive Report mechanism that allows a
live service representative to asses the situation and allow your system
to pass even if the automatic scanner detects a non-existent
vulnerability.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1794629
Title:
CVE-2018-15473 - User enumeration vulnerability
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Trusty:
Fix Released
Status in openssh source package in Xenial:
Fix Released
Status in openssh source package in Bionic:
Fix Released
Status in openssh source package in Cosmic:
Fix Released
Bug description:
https://nvd.nist.gov/vuln/detail/CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due
to not delaying bailout for an invalid authenticating user until after
the packet containing the request has been fully parsed, related to
auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Fixed in Debian: https://www.debian.org/security/2018/dsa-4280
Currently pending triage? https://people.canonical.com/~ubuntu-
security/cve/2018/CVE-2018-15473.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1794629/+subscriptions
More information about the foundations-bugs
mailing list