CVE-2018-15473

Source
https://cve.org/CVERecord?id=CVE-2018-15473
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-15473.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-15473
Downstream
Related
Published
2018-08-17T19:29:00.223Z
Modified
2026-03-20T11:24:08.521180Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

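OpenSSH through 7.7 is prone to a user enumeration vulnerability. For an invalid authenticating user, the server bails out before the packet containing the authentication request has been fully parsed, rather than delaying the bailout until parsing is complete; the affected code is in auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. Because the server therefore treats a request differently depending on whether the user name exists, a network client with no credentials can distinguish valid account names from invalid ones, which is the limited confidentiality impact (AV:N/PR:N, C:L/I:N/A:N) reflected in the CVSS vector above. When triaging, confirm exposure against the vendor's advisory rather than the version string alone, since distribution packages may carry a backported fix, and treat account names on affected hosts as disclosed when assessing password-guessing risk.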

References

Affected packages

Git / github.com/openbsd/src

Affected ranges

Type
GIT
Repo
https://github.com/openbsd/src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/openssh/openssh-portable
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        }
    ]
}

Affected versions

Other
ABOUT_TO_ADD_INET_ATON
AFTER_FREEBSD_PAM_MERGE
AFTER_KRB5_GSSAPI_MERGE
BEFORE_FREEBSD_PAM_MERGE
BEFORE_KRB5_GSSAPI_MERGE
POST_KRB4_REMOVAL
PRE-REORDER
PRE_CYGWIN_MERGE
PRE_DAN_PATCH_MERGE
PRE_FIXPATHS_INTEGRATION
PRE_HPUX_INTEGRATION
PRE_IPV6
PRE_KRB4_REMOVAL
PRE_NEW_LOGIN_CODE
PRE_SW_KRBV
V_1_2PRE17
V_1_2_1_PRE18
V_1_2_1_PRE19
V_1_2_1_PRE20
V_1_2_1_PRE21
V_1_2_1_PRE22
V_1_2_1_PRE23
V_1_2_1_PRE24
V_1_2_1_PRE25
V_1_2_1_PRE26
V_1_2_1_PRE27
V_1_2_2
V_1_2_2_P1
V_1_2_2_PRE28
V_1_2_2_PRE29
V_1_2_3
V_1_2_3_PRE1
V_1_2_3_PRE2
V_1_2_3_PRE3
V_1_2_3_PRE4
V_1_2_3_PRE5
V_1_2_3_TEST1
V_1_2_3_TEST2
V_1_2_3_TEST3
V_1_2_PRE10
V_1_2_PRE11
V_1_2_PRE12
V_1_2_PRE13
V_1_2_PRE14
V_1_2_PRE15
V_1_2_PRE16
V_1_2_PRE4
V_1_2_PRE5
V_1_2_PRE6
V_1_2_PRE7
V_1_2_PRE8
V_1_2_PRE9
V_2_0_0_BETA1
V_2_0_0_BETA2
V_2_0_0_TEST1
V_2_1_0
V_2_1_0_P1
V_2_1_0_P2
V_2_1_0_P3
V_2_1_1_P1
V_2_1_1_P2
V_2_1_1_P3
V_2_1_1_P4
V_2_2_0_P1
V_2_3_0_P1
V_2_5_0_P1
V_2_5_1_P1
V_2_5_1_P2
V_2_5_2_P1
V_3_0_1_P1
V_3_0_P1
V_3_1_P1
V_3_2_2_P1
V_3_4_P1
V_3_6_1_P1
V_3_8_P1
V_3_9_P1
V_4_2_P1
V_5_0_P1
V_5_1_P1
V_5_2_P1
V_5_5_P1
V_5_7_P1
V_6_0_P1
V_6_1_P1
V_6_2_P1
V_6_5_P1
V_6_6_P1
V_6_8_P1
V_6_9_P1
V_7_0_P1
V_7_1_P1
V_7_2_P1
V_7_3_P1
V_7_4_P1
V_7_5_P1
V_7_6_P1
V_7_7_P1

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "9.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.8.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "3.2.7"
            }
        ]
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-15473.json"
vanir_signatures
[
    {
        "target": {
            "file": "usr.bin/ssh/auth2-pubkey.c"
        },
        "id": "CVE-2018-15473-2a3afae5",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "119975464824009469413883312213089211775",
                "274698482336539058551077063517635818430",
                "86711230683139209951626643804467795531",
                "262949122131880208000418495173309310484",
                "87022270268444924629351939185921107588",
                "150843297929786961686061401556345263667",
                "159519716029805821732395735951191993143",
                "110077194506647403043837940407835452879",
                "204969604743243839754623716022090260991",
                "328941983918241414113512288903415025947",
                "264634291577293671884527984895384111239",
                "1766804874425059854149063106767579377",
                "115250589483112738565630367401884680141",
                "104832178302712894352455473796841912832",
                "60418795427745263238428104311032676737",
                "300321231866655426968697157531092865005",
                "167012515418482683382639496592960378804",
                "154327093979707861485282926287294992132",
                "74032963134284418029763131694776540488",
                "255414229419176543077674420418842924988",
                "144140290594414581245317570338444627783",
                "228742451295151995708647298447348455674",
                "36267913938201863080127835789111565196",
                "70711496218795990807703803538247883690",
                "126375797009571522855267999939565856948",
                "298848453172800519760120639588797034836",
                "268798783962682597345105426075541078666",
                "147099324874960870976415514941924067388",
                "199963864573824354632195165283499265179",
                "124863310965861666377321584017895736413",
                "152706570059307855534170220038074189883",
                "31985583888174520582460384287868071270",
                "311800891991238705913025629161228012736",
                "314568444815469404449616018141456982511"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0"
    },
    {
        "target": {
            "file": "usr.bin/ssh/auth2-gss.c"
        },
        "id": "CVE-2018-15473-3d6fac5a",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "118719721786177699049400526304218089118",
                "21853781138843863250019365630767955918",
                "258197830915776318986477863395068571072",
                "130197575787330828243374517017865409017",
                "271608615342747687524716193551730937341",
                "331488573538470210612662617593630223018",
                "48721736397588038626008942836747461164",
                "114069187508636402931862011734516939273",
                "220385532881783054975697087030998248650"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0"
    },
    {
        "target": {
            "file": "usr.bin/ssh/auth2-pubkey.c",
            "function": "userauth_pubkey"
        },
        "id": "CVE-2018-15473-a0a29089",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 4335.0,
            "function_hash": "325235706176349412555394121092963357979"
        },
        "signature_type": "Function",
        "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0"
    },
    {
        "target": {
            "file": "usr.bin/ssh/auth2-hostbased.c"
        },
        "id": "CVE-2018-15473-b3cb59f6",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "239875327327373825409506145374136896093",
                "76934019248429903571503393577152993433",
                "339534628931607781308670996022115043522",
                "319064688410491107005435775355165222517",
                "115250589483112738565630367401884680141",
                "77866781888508487842761987839561071026",
                "20086267411113859945551925096050132334",
                "76684314296495416733652832118702050612",
                "236753811845282948568234472528205782673",
                "79699893232428347337556884662331684617",
                "270968600017438065004062669961824600900"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0"
    },
    {
        "target": {
            "file": "usr.bin/ssh/auth2-gss.c",
            "function": "userauth_gssapi"
        },
        "id": "CVE-2018-15473-ee073a02",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1577.0,
            "function_hash": "117509395115892751743292488332286348060"
        },
        "signature_type": "Function",
        "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0"
    },
    {
        "target": {
            "file": "usr.bin/ssh/auth2-hostbased.c",
            "function": "userauth_hostbased"
        },
        "id": "CVE-2018-15473-f7ba3c85",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2918.0,
            "function_hash": "1840171710972432913659117789350748496"
        },
        "signature_type": "Function",
        "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0"
    }
]