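Related vulnerability
Title:
OpenSSH race condition vulnerability
(CVE-2018-15473)
Description: OpenSSH (OpenBSD Secure Shell) is a suite of connectivity tools from the OpenBSD project for securely accessing remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic, effectively preventing eavesdropping, connection hijacking and other network-level attacks. A race condition vulnerability exists in OpenSSH 7.7 and earlier. The vulnerability stems from improper handling of concurrent access when concurrent code needs mutually exclusive access to a shared resource while a network system or product is running.
Description
OpenSSH 7.7 - Username Enumeration
Introduction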
# CVE-2018-15473
OpenSSH 7.7 - Username Enumeration
## Method
The attacker can try to authenticate a user with a malformed packet (for
example, a truncated packet), and:
- if the user is invalid (it does not exist), then userauth_pubkey()
returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE
to the attacker;
- if the user is valid (it exists), then sshpkt_get_u8() fails, and the
server calls fatal() and closes its connection to the attacker.
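
The ordering problem described above, as a self-contained Python model. This is an added example, not code from `openssh.py` or from OpenSSH: the account set, handler names and sample payloads are constructed, and `handle_hardened` shows a parse-first ordering assumed here as the mitigation.

```python
import struct

FAILURE = "SSH2_MSG_USERAUTH_FAILURE"  # normal reply, connection stays open
CLOSED = "fatal(): connection closed"  # server aborted the session
KNOWN_USERS = {"alice"}                # constructed account database

class TruncatedPacket(Exception):
    """A field runs past the end of the request."""

def parse_pubkey_request(payload):
    """Read have_sig (u8), then pkalg and pkblob (u32 length + bytes)."""
    if not payload:
        raise TruncatedPacket("have_sig")
    off, fields = 1, []
    for name in ("pkalg", "pkblob"):
        if off + 4 > len(payload):
            raise TruncatedPacket(name)
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise TruncatedPacket(name)
        fields.append(payload[off:off + n])
        off += n
    return payload[0], fields[0], fields[1]

def handle_vulnerable(user, payload):
    """Ordering from the Method section: user check first, parsing second."""
    if user not in KNOWN_USERS:
        return FAILURE              # returns before the packet is parsed
    try:
        parse_pubkey_request(payload)
    except TruncatedPacket:
        return CLOSED               # only reachable for existing users
    return FAILURE                  # model: no key is ever accepted

def handle_hardened(user, payload):
    """Assumed mitigation: parse the whole request before using user validity."""
    try:
        parse_pubkey_request(payload)
    except TruncatedPacket:
        return CLOSED               # same outcome for every username
    return FAILURE                  # user validity only matters past this point

def leaks_user_validity(handler, payload):
    """Regression check: does the reply differ between a real and a fake account?"""
    return handler("alice", payload) != handler("no-such-user", payload)

# Constructed payloads: pkblob announces 32 bytes but carries 4 (truncated).
TRUNCATED = b"\x01" + struct.pack(">I", 7) + b"ssh-rsa" + struct.pack(">I", 32) + b"\x00" * 4
WELL_FORMED = b"\x00" + struct.pack(">I", 7) + b"ssh-rsa" + struct.pack(">I", 4) + b"\x00" * 4
```

With the check-first ordering the two outcomes differ only for the malformed request, which is why well-formed authentication attempts never exposed the difference.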
## Usage
Usage is simple; the tool runs with a single command:
```
python openssh.py <target> --port <port> --userlist <username_file>
```
## Vulnerable Systems
+ Redhat Enterprise Linux 7
+ Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Redhat Enterprise Linux 5
+ OpenSSH OpenSSH 3.4
+ OpenSSH OpenSSH 3.3
+ Openwall Openwall GNU/*/Linux (Owl)-current
+ OpenSSH OpenSSH 2.9
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
+ FreeBSD FreeBSD 4.5 -RELEASE
+ FreeBSD FreeBSD 4.5
+ OpenSSH OpenSSH 2.5.2
+ Caldera OpenUnix 8.0
+ Caldera UnixWare 7.1.1
+ Wirex Immunix OS 6.2
+ OpenSSH OpenSSH 2.5.1
+ NetBSD NetBSD 1.5.1
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. SuSE eMail Server III
+ SCO Open Server 5.0.6 a
+ SCO Open Server 5.0.6
+ SCO Open Server 5.0.5
+ SCO Open Server 5.0.4
+ SCO Open Server 5.0.3
+ SCO Open Server 5.0.2
+ SCO Open Server 5.0.1
+ SCO Open Server 5.0
+ SuSE Linux 7.3
+ SuSE Linux 7.2
+ SuSE Linux 7.1
+ SuSE SUSE Linux Enterprise Server 7
+ OpenSSH OpenSSH 2.5
+ OpenSSH OpenSSH 2.3
+ SuSE Linux 7.0 sparc
+ SuSE Linux 7.0 ppc
+ SuSE Linux 7.0 i386
+ SuSE Linux 7.0 alpha
+ SuSE Linux 6.4 ppc
+ SuSE Linux 6.4 i386
+ SuSE Linux 6.4 alpha
+ OpenSSH OpenSSH 2.1.1
+ OpenSSH OpenSSH 2.1
+ OpenSSH OpenSSH 1.2.3
+ Blue Coat Systems Security Gateway OS 2.1.5001 SP1
+ OpenSSH OpenSSH 1.2.2
+ OpenSSH OpenSSH 7.7
+ OpenSSH OpenSSH 7.6
+ OpenSSH OpenSSH 7.4
+ OpenSSH OpenSSH 7.3
+ OpenSSH OpenSSH 7.2
+ OpenSSH OpenSSH 7.1
+ OpenSSH OpenSSH 7.0
+ OpenSSH OpenSSH 6.9
+ OpenSSH OpenSSH 6.8
+ OpenSSH OpenSSH 6.7
+ S.u.S.E. Linux Live-CD for Firewall
+ OpenSSH OpenSSH 6.6
+ OpenSSH OpenSSH 6.5
+ OpenSSH OpenSSH 6.4
+ OpenSSH OpenSSH 6.3
+ OpenSSH OpenSSH 6.2
+ OpenSSH OpenSSH 6.1
+ OpenSSH OpenSSH 6.0
+ OpenSSH OpenSSH 5.8
+ OpenSSH OpenSSH 5.7
+ OpenSSH OpenSSH 5.6
+ OpenSSH OpenSSH 5.5
+ OpenSSH OpenSSH 4.5
+ OpenSSH OpenSSH 1.127
+ OpenSSH OpenSSH 1.126
+ OpenBSD OpenSSH 6.0
+ OpenBSD OpenSSH 3.0.2
+ OpenBSD OpenSSH 2.5.2
+ OpenBSD OpenSSH 2.3.1
+ OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 2.7
+ OpenBSD OpenBSD 2.6
+ OpenBSD OpenSSH 2.1
+ OpenBSD OpenSSH 1.2.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ OpenBSD OpenSSH 1.2
+ OpenBSD OpenSSH 6.6
+ OpenBSD OpenSSH 6.5
+ OpenBSD OpenSSH 6.4
+ OpenBSD OpenSSH 5.9
+ OpenBSD OpenSSH 5.8
+ OpenBSD OpenSSH 5.7
+ OpenBSD OpenSSH 5.4
+ OpenBSD OpenSSH 5.2
+ OpenBSD OpenSSH 5.1
+ OpenBSD OpenSSH 4.9
+ OpenBSD OpenSSH 4.8
+ OpenBSD OpenSSH 4.7
+ OpenBSD OpenSSH 4.6
+ OpenBSD OpenSSH 4.4
+ OpenBSD OpenSSH 4.3
+ OpenBSD OpenSSH 4.2
+ OpenBSD OpenSSH 4.1
+ OpenBSD OpenSSH 4.0
File snapshot
[4.0K] /data/pocs/9eafe8869abb77e643046e599422f4644ef0af97
├── [3.4K] openssh.py
└── [3.7K] README.md
0 directories, 2 files