FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- OpenSSH Denial of Service vulnerability

Affected packages
11.1 <= FreeBSD < 11.1_1
11.0 <= FreeBSD < 11.0_12
10.3 <= FreeBSD < 10.3_21

Details

VuXML ID 6ed5c5e3-a840-11e7-b5af-a4badb2f4699
Discovery 2017-08-10
Entry 2017-10-03

Problem Description:

There is no limit on the password length.

Impact:

A remote attacker may be able to cause an affected SSH server to use an excessive amount of CPU by sending very long passwords, when PasswordAuthentication is enabled by the system administrator.

References

CVE Name CVE-2016-6515
FreeBSD Advisory SA-17:06.openssh
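
The ranges under "Affected packages" can be checked against a host's release string. This is an added example, not part of the VuXML entry or of FreeBSD's tooling. The function name `is_affected` is hypothetical, and the script assumes input in the form `freebsd-version` prints (for example `11.0-RELEASE-p11`), with VuXML's `_N` suffix read as patch level `-pN`.

```sh
#!/bin/sh
# Affected ranges copied from this entry, one per line:
#   "<branch> <first fixed patch level>"
# VuXML writes patch level N as "_N", so "11.1_1" is 11.1-RELEASE-p1.
AFFECTED="11.1 1
11.0 12
10.3 21"

# is_affected VERSION  (hypothetical helper)
# Returns 0 if VERSION falls inside one of the listed ranges,
#         1 if it does not (including branches this entry does not list),
#         2 if VERSION is not a parsable -RELEASE string.
is_affected() {
    ver=$1
    case $ver in
        [0-9]*.[0-9]*-RELEASE|[0-9]*.[0-9]*-RELEASE-p[0-9]*) ;;
        *) return 2 ;;
    esac
    branch=${ver%%-*}                      # "11.0"
    case $ver in
        *-p[0-9]*) plevel=${ver##*-p} ;;   # "11"
        *)         plevel=0 ;;             # no -pN suffix: patch level 0
    esac
    case $plevel in
        ''|*[!0-9]*) return 2 ;;           # reject non-numeric patch levels
    esac
    while read -r b fixed; do
        # Affected when on a listed branch and below its fixed patch level.
        if [ "$branch" = "$b" ] && [ "$plevel" -lt "$fixed" ]; then
            return 0
        fi
    done <<EOF
$AFFECTED
EOF
    return 1
}

# Typical use on a FreeBSD host:
#   is_affected "$(freebsd-version)" && echo "base system is in an affected range"
```

A result of 1 only means the version is outside the three ranges listed here; it says nothing about branches this entry does not cover.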