CVE-2016-6515 PoC — OpenSSH输入验证错误漏洞

Source

https://github.com/cved-sources/cve-2016-6515

Associated Vulnerability

Title:OpenSSH输入验证错误漏洞 (CVE-2016-6515)
Description:OpenSSH（OpenBSD Secure Shell）是Openbsd计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现，支持对所有的传输进行加密，可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 7.3之前的版本中的sshd中的auth-passwd.c文件中的‘auth_password’函数存在输入验证错误漏洞，该漏洞源于程序没有在密码验证中限制密码长度。远程攻击者可借助长的字符串利用该漏洞造成拒绝服务(CPU消耗)。

Description

cve-2016-6515

Readme

# CVE-2016-6515

This is part of Cved: *a tool to manage vulnerable docker containers.* 

Cved: https://github.com/git-rep-src/cved

Image source: https://github.com/cved-sources/cve-2016-6515

Image author: https://github.com/opsxcq/exploit-CVE-2016-6515

File Snapshot


 [4.0K]  /data/pocs/77e1a844090491d28398cfe972ff1d54be7a16e2
├── [4.0K]  build
│   ├── [  68]  main.sh
│   ├── [4.0K]  openssh-7.2p2
│   │   ├── [573K]  openssh-client_7.2p2-4ubuntu2.1_amd64.deb
│   │   └── [330K]  openssh-server_7.2p2-4ubuntu2.1_amd64.deb
│   └── [2.5K]  sshd_config
├── [ 587]  Dockerfile
└── [ 256]  README.md

2 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!