Alert GCSA-18066 - Vulnerability in OpenSSH
******************************************************************
Alert ID: GCSA-18066
Date: 30 August 2018
Title: Vulnerability in OpenSSH
******************************************************************
:: Problem description
A vulnerability has been discovered in the OpenSSH software
that allows valid usernames to be enumerated.
A remote attacker can check whether a given
user exists on a target server.
Further details are available in the official report
listed in the "References" section.
:: Affected software
OpenSSH up to version 7.7
:: Impact
Username enumeration
:: Solutions
Upgrade OpenSSH to version 7.8
or apply the appropriate patches.
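An added example, not part of the GARR CERT advisory: a triage of recorded SSH identification strings against the 7.8 fix version given above. The host names and banners are constructed, and because distributions backport fixes without changing the upstream version number, an older version is flagged for package review rather than reported as vulnerable.

```python
import re

# Fixed release per the advisory: OpenSSH 7.8 (versions up to 7.7 are affected).
FIXED = (7, 8)

# SSH identification string (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion [SP comments]
_BANNER = re.compile(r"^SSH-[\d.]+-(?P<software>\S+)(?: (?P<comment>.*))?$")
# Upstream version in names such as OpenSSH_7.4p1 or OpenSSH_for_Windows_7.7
_OPENSSH = re.compile(r"^OpenSSH_(?:[A-Za-z_]*_)?(?P<major>\d+)\.(?P<minor>\d+)")

# Constructed sample inventory (hypothetical hosts; banners as an asset
# discovery tool might have recorded them).
SAMPLE = {
    "bastion.example.org": "SSH-2.0-OpenSSH_7.8",
    "db1.example.org": "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3",
    "win1.example.org": "SSH-2.0-OpenSSH_for_Windows_7.7",
    "iot1.example.org": "SSH-2.0-dropbear_2017.75",
    "web1.example.org": "HTTP/1.1 400 Bad Request",
}


def triage(banner: str) -> str:
    """Classify one identification string against the advisory's fix version."""
    m = _BANNER.match(banner.strip())
    if not m:
        return "unparsed"            # not an SSH identification string
    v = _OPENSSH.match(m.group("software"))
    if not v:
        return "not-openssh"         # other SSH implementation, out of scope
    version = (int(v.group("major")), int(v.group("minor")))
    if version >= FIXED:
        return "fixed-upstream"
    # Old upstream number: the package may still carry a backported patch,
    # so confirm against the vendor advisory or package changelog.
    return "review-package"


def triage_inventory(inventory: dict) -> dict:
    """Group hosts by triage status, hosts sorted by name."""
    result = {}
    for host, banner in sorted(inventory.items()):
        result.setdefault(triage(banner), []).append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```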
:: References
OpenSSH 7.8 released
http://www.openssh.com/txt/release-7.8
OpenSSH username enumeration
http://openwall.com/lists/oss-security/2018/08/15/5
http://www.openwall.com/lists/oss-security/2018/08/24/1
SANS ISC
https://isc.sans.edu/forums/diary/OpenSSH+user+enumeration+CVE201815473/24004/
Debian Security Advisory
https://www.debian.org/security/2018/dsa-4280
Red Hat
https://access.redhat.com/security/cve/cve-2018-15473
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473
BleepingComputer
https://www.bleepingcomputer.com/news/security/vulnerability-affects-all-openssh-versions-released-in-the-past-two-decades/
SecurityTracker
https://securitytracker.com/id/1041487
SecurityFocus
https://www.securityfocus.com/bid/105140
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert