CVE-2016-10009 and CVE-2016-6515

Postby ttkiranktly » 2018/04/20 09:59:04


A recent vulnerability scan in our environment identified the below vulnerabilities in CentOS 6.9 servers:
CVE-2016-10009 - OpenSSH: Untrusted Search Path Vulnerability
CVE-2016-6515 - OpenSSH: Password Length Limitation Denial of Service Vulnerability

The current version of OpenSSH is as below:


This seems to be the latest version available for CentOS 6.9.

Could you please help with the below:

1) Is this version of OpenSSH really vulnerable to the above-mentioned CVEs?
2) If yes, how can this be mitigated?


Forum Moderator

Re: CVE-2016-10009 and CVE-2016-6515

Postby avij » 2018/04/20 10:26:04

Please refer to the Red Hat CVE database:

For both of those, RH has decided to not fix these issues for the time being, and consequently, CentOS openssh will not get fixed either.