漏洞信息(CVE-2018-15473)

一、漏洞 CVE-2018-15473 基础信息

漏洞信息

                                        # N/A

## 漏洞概述
OpenSSH 7.7及之前版本存在用户枚举漏洞，因为程序在验证用户身份时未能在解析请求包后延迟处理无效用户，而是过早地给出了反馈。

## 影响版本
- OpenSSH 7.7及之前版本

## 漏洞细节
该漏洞与文件 `auth2-gss.c`、`auth2-hostbased.c` 和 `auth2-pubkey.c` 相关。具体来说，漏洞发生在解析请求包之前就处理无效用户，导致攻击者可以通过检测响应时间的不同来枚举用户。

## 漏洞影响
攻击者可能利用此漏洞通过发送身份验证请求并监控系统响应来枚举出有效用户，从而增加后续攻击的风险。

提示

尽管我们采用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确，但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利！

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

OpenSSH 竞争条件问题漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

OpenSSH（OpenBSD Secure Shell）是OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现，支持对所有的传输进行加密，可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 7.7及之前版本中存在竞争条件问题漏洞。该漏洞源于网络系统或产品在运行过程中，并发代码需要互斥地访问共享资源时，对于并发访问的处理不当。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

竞争条件问题

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2018-15473 的公开POC

#	POC 描述	源链接	神龙链接
1	OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).	https://github.com/trimstray/massh-enum	POC详情
2	CVE-2018-15473 - Opensshenum is an user enumerator exploiting an OpenSsh bug	https://github.com/gbonacini/opensshenum	POC详情
3	Exploit written in Python for CVE-2018-15473 with threading and export formats	https://github.com/Rhynorater/CVE-2018-15473-Exploit	POC详情
4	Multi-threaded, IPv6 aware, wordlists/single-user username enumeration via CVE-2018-15473	https://github.com/epi052/cve-2018-15473	POC详情
5	OpenSSH < 7.7 User Enumeration CVE-2018-15473 Exploit	https://github.com/pyperanger/CVE-2018-15473_exploit	POC详情
6	OpenSSH 7.7 - Username Enumeration	https://github.com/r3dxpl0it/CVE-2018-15473	POC详情
7	Fully functional script for brute forcing SSH and trying credentials - CVE-2018-15473	https://github.com/JoeBlackSecurity/SSHUsernameBruter-SSHUB	POC详情
8	cve-2018-15473	https://github.com/cved-sources/cve-2018-15473	POC详情
9	This is a exp of CVE-2018-15473	https://github.com/LINYIKAI/CVE-2018-15473-exp	POC详情
10	OpenSSH 用户名枚举漏洞（CVE-2018-15473）	https://github.com/trickster1103/-	POC详情
11	SSH account enumeration verification script(CVE-2018-15473)	https://github.com/NHPT/SSH-account-enumeration-verification-script	POC详情
12	CVE-2018-15473-Exploit	https://github.com/CaioCGH/EP4-redes	POC详情
13	Project with sublist3r, massan, CVE-2018-15473, ssh bruteforce, ftp bruteforce and nikto.	https://github.com/Moon1705/easy_security	POC详情
14	Checks a list of SSH servers for password-based auth availability and for the existence of SSH user enumeration vulnerability (CVE-2018-15473) in those identified.	https://github.com/An0nYm0u5101/enumpossible	POC详情
15	None	https://github.com/Wh1t3Fox/cve-2018-15473	POC详情
16	None	https://github.com/1stPeak/CVE-2018-15473	POC详情
17	openssh<7.7 用户名枚举	https://github.com/coollce/CVE-2018-15473_burte	POC详情
18	None	https://github.com/Dirty-Racoon/CVE-2018-15473-py3	POC详情
19	OpenSSH 2.3 < 7.7 - Username Enumeration	https://github.com/Sait-Nuri/CVE-2018-15473	POC详情
20	None	https://github.com/WildfootW/CVE-2018-15473_OpenSSH_7.7	POC详情
21	CVE-2018-15473 Exploit	https://github.com/MrDottt/CVE-2018-15473	POC详情
22	Test CVE-2018-15473 exploit on Shodan IP	https://github.com/66quentin/shodan-CVE-2018-15473	POC详情
23	None	https://github.com/0xrobiul/CVE-2018-15473	POC详情
24	None	https://github.com/philippedixon/CVE-2018-15473	POC详情
25	SSH User Enumerator in Python3, CVE-2018-15473, I updated the code of this exploit (https://www.exploit-db.com/exploits/45939) to work with python3 instead of python2.	https://github.com/sergiovks/SSH-User-Enum-Python3-CVE-2018-15473	POC详情
26	None	https://github.com/Anonimo501/ssh_enum_users_CVE-2018-15473	POC详情
27	None	https://github.com/mclbn/docker-cve-2018-15473	POC详情
28	User enumeration for CVE-2018-15473	https://github.com/GaboLC98/userenum-CVE-2018-15473	POC详情
29	SSH Username Enumeration	https://github.com/mrblue12-byte/CVE-2018-15473	POC详情
30	None	https://github.com/4xolotl/CVE-2018-15473	POC详情
31	None	https://github.com/NestyF/SSH_Enum_CVE-2018-15473	POC详情
32	Fix for CVE-2018-15473	https://github.com/yZ1337/CVE-2018-15473	POC详情
33	None	https://github.com/MahdiOsman/CVE-2018-15473-SNMPv1-2-Community-String-Vulnerability-Testing	POC详情
34	FAFAF	https://github.com/SUDORM0X/PoC-CVE-2018-15473	POC详情
35	SSHEnum es una herramienta de enumeración de usuarios SSH basada en CVE-2018-15473. Permite detectar usuarios válidos aprovechando respuestas diferenciadas del servidor. Es rápida, compatible con Python 3.12 y soporta wordlists. Uso exclusivo para auditoría y pruebas de seguridad autorizadas.	https://github.com/OmarV4066/SSHEnumKL	POC详情
36	A Bash script to enumerate valid SSH usernames using the CVE-2018-15473 vulnerability. It checks for valid usernames on an OpenSSH OpenSSH 7.2p2 server by analyzing authentication responses.	https://github.com/0xNehru/ssh_Enum_vaild	POC详情
37	Check if a username is valid on the SSH server by attempting an authentication. The server response will indicate whether the username exists.	https://github.com/moften/cve-2018-15473-poc	POC详情
38	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/OpenSSH%20%E7%94%A8%E6%88%B7%E5%90%8D%E6%9E%9A%E4%B8%BE%E6%BC%8F%E6%B4%9E%20CVE-2018-15473.md	POC详情
39		https://github.com/vulhub/vulhub/blob/master/openssh/CVE-2018-15473/README.md	POC详情
40	Fix for CVE-2018-15473	https://github.com/yZeetje/CVE-2018-15473	POC详情
41	This script checks for the OpenSSH 7.7 (and prior) username enumeration vulnerability (CVE-2018-15473). It sends a malformed authentication packet and interprets the SSH server’s response to identify valid usernames.	https://github.com/makmour/open-ssh-user-enumeration	POC详情
42	Fix for CVE-2018-15473	https://github.com/yZee00/CVE-2018-15473	POC详情
43	script de enumeración de usuarios SSH basado en diferencias de timing y respuestas de autenticación. Explota el mismo vector que CVE-2018-15473 en versiones vulnerables de OpenSSH (≤ 7.7), aunque también puede revelar patrones en configuraciones modernas.	https://github.com/Alph4Sec/ssh_enum_py	POC详情
44	Advanced network penetration testing toolkit with SSH vulnerability assessment, CVE-2018-15473 exploitation, stealth brute force capabilities, and fail2ban evasion techniques. Professional-grade security testing framework for authorized penetration testing engagements.	https://github.com/anonymous121029034720384234234/py-network-scanner	POC详情
45	Exploit Code for CVE-2018-15473	https://github.com/jubeenshah/CVE-2018-15473-Exploit	POC详情

三、漏洞 CVE-2018-15473 的情报信息

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://bugs.debian.org/906236
https://security.netapp.com/advisory/ntap-20181101-0001/
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
https://www.oracle.com/security-alerts/cpujan2020.html
http://www.openwall.com/lists/oss-security/2018/08/15/5
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
https://www.exploit-db.com/exploits/45233/ exploit
https://www.exploit-db.com/exploits/45210/ exploit
https://www.exploit-db.com/exploits/45939/ exploit
http://www.securityfocus.com/bid/105140 vdb-entry
http://www.securitytracker.com/id/1041487 vdb-entry
https://www.debian.org/security/2018/dsa-4280 vendor-advisory
https://usn.ubuntu.com/3809-1/ vendor-advisory
https://security.gentoo.org/glsa/201810-03 vendor-advisory
https://access.redhat.com/errata/RHSA-2019:0711 vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2143 vendor-advisory
https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2018-15473

四、漏洞 CVE-2018-15473 的评论

暂无评论

一、 漏洞 CVE-2018-15473 基础信息

漏洞信息

提示

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2018-15473 的公开POC

三、漏洞 CVE-2018-15473 的情报信息

四、漏洞 CVE-2018-15473 的评论

发表评论

一、漏洞 CVE-2018-15473 基础信息