Hi,
A recent vulnerability scan in our environment identified the vulnerabilities below on our CentOS 6.9 servers:
CVE-2016-10009 - OpenSSH: Untrusted Search Path Vulnerability
CVE-2016-6515 - OpenSSH: Password Length Limitation Denial of Service Vulnerability
The current version of OpenSSH is as below:
openssh-5.3p1-123.el6_9.x86_64
This seems to be the latest version available for CentOS 6.9.
Could you please help with the below:
1) Is this version of OpenSSH really vulnerable to the above-mentioned CVEs?
2) If yes, how can this be mitigated?
Thanks,
Kiran
CVE-2016-10009 and CVE-2016-6515
Re: CVE-2016-10009 and CVE-2016-6515
Please refer to the Red Hat CVE database:
https://access.redhat.com/security/cve/cve-2016-10009
https://access.redhat.com/security/cve/cve-2016-6515
For both of those, RH has decided to not fix these issues for the time being, and consequently, CentOS openssh will not get fixed either.
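Since the reply points to the Red Hat CVE pages, the practical check on the host itself is whether the installed package's changelog records a backported fix, because the upstream version string (5.3p1) that scanners match on says nothing about backports. This is an added example, not from the thread or from CentOS: a POSIX shell script that looks up CVE ids in an rpm changelog; `check_installed` assumes it runs on a host that has `rpm`, and the changelog used in testing is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a CVE id is recorded
# in an RPM package changelog. Red Hat/CentOS record backported security
# fixes there, so a scanner match on "openssh 5.3p1" alone is not the
# answer; the changelog plus the Red Hat CVE page is.

# Usage: cve_in_changelog <CVE-ID> <changelog-file>
# Returns 0 when the CVE id appears in the changelog text, 1 otherwise.
cve_in_changelog() {
    cve="$1"; file="$2"
    grep -q -i -- "$cve" "$file"
}

# Usage: report_cves <changelog-file> <CVE-ID>...
# Prints one line per CVE; exit status is the number of CVEs NOT found,
# so 0 means every CVE asked about has a changelog entry.
report_cves() {
    file="$1"; shift
    missing=0
    for cve in "$@"; do
        if cve_in_changelog "$cve" "$file"; then
            echo "$cve: changelog entry present (fix backported)"
        else
            echo "$cve: no changelog entry (see the Red Hat CVE page)"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Live check on a CentOS/RHEL host (assumes rpm is available):
# dump the installed package's changelog and run the report over it.
# Usage: check_installed openssh CVE-2016-10009 CVE-2016-6515
check_installed() {
    pkg="$1"; shift
    tmp=$(mktemp) || return 2
    rpm -q --changelog "$pkg" > "$tmp" 2>/dev/null || { rm -f "$tmp"; return 2; }
    report_cves "$tmp" "$@"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

An exit status of 2 from `report_cves` for the two CVEs in this thread is the expected result on the package above, consistent with the Red Hat pages saying they are not fixed.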