Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2015-5600
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-03 Aug, 2015 | 00:00
Updated At-27 May, 2026 | 16:31
Rejected At-
▼CVE Numbering Authority (CNA)

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
N/A
http://www.ubuntu.com/usn/USN-2710-2
vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
vendor-advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
N/A
https://security.gentoo.org/glsa/201512-04
vendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10136
N/A
https://security.netapp.com/advisory/ntap-20151106-0001/
N/A
http://rhn.redhat.com/errata/RHSA-2016-0466.html
vendor-advisory
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697
N/A
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
vendor-advisory
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c
N/A
https://kc.mcafee.com/corporate/index?page=content&id=SB10157
N/A
http://www.securityfocus.com/bid/75990
vdb-entry
http://www.securityfocus.com/bid/91787
vdb-entry
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
vendor-advisory
http://www.securityfocus.com/bid/92012
vdb-entry
https://support.apple.com/kb/HT205031
N/A
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
mailing-list
http://openwall.com/lists/oss-security/2015/07/23/4
mailing-list
http://www.ubuntu.com/usn/USN-2710-1
vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
vendor-advisory
http://www.securitytracker.com/id/1032988
vdb-entry
http://seclists.org/fulldisclosure/2015/Jul/92
mailing-list
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
N/A
https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2710-2
Resource:
vendor-advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
Resource:
vendor-advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201512-04
Resource:
vendor-advisory
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10136
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20151106-0001/
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0466.html
Resource:
vendor-advisory
Hyperlink: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Resource:
vendor-advisory
Hyperlink: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c
Resource: N/A
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10157
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/75990
Resource:
vdb-entry
Hyperlink: http://www.securityfocus.com/bid/91787
Resource:
vdb-entry
Hyperlink: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
Resource:
vendor-advisory
Hyperlink: http://www.securityfocus.com/bid/92012
Resource:
vdb-entry
Hyperlink: https://support.apple.com/kb/HT205031
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Resource:
mailing-list
Hyperlink: http://openwall.com/lists/oss-security/2015/07/23/4
Resource:
mailing-list
Hyperlink: http://www.ubuntu.com/usn/USN-2710-1
Resource:
vendor-advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
Resource:
vendor-advisory
Hyperlink: http://www.securitytracker.com/id/1032988
Resource:
vdb-entry
Hyperlink: http://seclists.org/fulldisclosure/2015/Jul/92
Resource:
mailing-list
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Resource: N/A
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
x_transferred
http://www.ubuntu.com/usn/USN-2710-2
vendor-advisory
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
vendor-advisory
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
x_transferred
https://security.gentoo.org/glsa/201512-04
vendor-advisory
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10136
x_transferred
https://security.netapp.com/advisory/ntap-20151106-0001/
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0466.html
vendor-advisory
x_transferred
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697
x_transferred
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
vendor-advisory
x_transferred
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10157
x_transferred
http://www.securityfocus.com/bid/75990
vdb-entry
x_transferred
http://www.securityfocus.com/bid/91787
vdb-entry
x_transferred
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
vendor-advisory
x_transferred
http://www.securityfocus.com/bid/92012
vdb-entry
x_transferred
https://support.apple.com/kb/HT205031
x_transferred
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
mailing-list
x_transferred
http://openwall.com/lists/oss-security/2015/07/23/4
mailing-list
x_transferred
http://www.ubuntu.com/usn/USN-2710-1
vendor-advisory
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
vendor-advisory
x_transferred
http://www.securitytracker.com/id/1032988
vdb-entry
x_transferred
http://seclists.org/fulldisclosure/2015/Jul/92
mailing-list
x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
x_transferred
https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Resource:
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2710-2
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Resource:
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
Resource:
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Resource:
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201512-04
Resource:
vendor-advisory
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10136
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20151106-0001/
Resource:
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0466.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Resource:
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697
Resource:
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c
Resource:
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10157
Resource:
x_transferred
Hyperlink: http://www.securityfocus.com/bid/75990
Resource:
vdb-entry
x_transferred
Hyperlink: http://www.securityfocus.com/bid/91787
Resource:
vdb-entry
x_transferred
Hyperlink: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
Resource:
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.securityfocus.com/bid/92012
Resource:
vdb-entry
x_transferred
Hyperlink: https://support.apple.com/kb/HT205031
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Resource:
mailing-list
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2015/07/23/4
Resource:
mailing-list
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2710-1
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.securitytracker.com/id/1032988
Resource:
vdb-entry
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2015/Jul/92
Resource:
mailing-list
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Resource:
x_transferred
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12
Resource:
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found