OpenSSH: authentication limits (MaxAuthTries) bypass (CVE-2015-5600)

Advisory ID: 15-0009
Publish Date: 2015-09-04
Revision: 1.0

Summary

A vulnerability in OpenSSH has been identified which, under specific circumstances, would allow a remote attacker to bypass the MaxAuthTries setting, enabling brute force attacks.

Detailed Description

OpenSSH allows for the setting of an authentication threshold. By design, exceeding this limit will result in the connection being closed.

This OpenSSH vulnerability allows an attacker to bypass this setting and request multiple password prompts; the only remaining limit is a time value set by another ssh server configuration parameter.

By means of this vulnerability, an attacker can initiate a large number of authentication attempts.

Windows based products and those using Mitel Standard Linux (MSL) are not affected. See the Affected Products section for a list of products confirmed to be affected.

Affected Products

The following products have been identified as affected:

Product Name                              Product Versions         Security Bulletin  Last Updated
Convergence 4675                          4675.42.11 and earlier   15-0009-001        2015-09-04
Convergence 6719                          6719.34.11 and earlier   15-0009-001        2015-09-04
FMC Controller (Comdasys MC Controller,   10684.21.7 and earlier   15-0009-001        2015-09-04
  Mitel Mobile Client Controller)
FMC Controller for Intelligate            10684.16.12 and earlier  15-0009-001        2015-09-04
Mitel 700                                 5.0, 6.0                 15-0009-002        2015-09-04
MiVoice MX-ONE                            5.0, 6.0                 15-0009-002        2015-09-04
MX-ONE Manager (Provisioning)             5.0, 6.0                 15-0009-002        2015-09-04
MX-ONE Manager (Telephony System)         5.0, 6.0                 15-0009-002        2015-09-04

Products Under Investigation

Mitel continues to evaluate products within the Mitel portfolio. The list of affected products above will be updated as new information is received.

Products Not Affected

Products using Mitel Standard Linux (MSL) are not affected, nor are other solutions that do not ship with OpenSSH (for example, Windows applications).

Risk Assessment

CVE-2015-5600 was assigned a CVSS v2 score of 8.5 and identified as high risk. As part of Mitel’s analysis, the risk was rated lower as a result of environmental and product-specific considerations.
Refer to Mitel product Security Bulletins for additional statements regarding product-specific risk.

Mitigation / Recommended Action

As part of security best practice, customers are advised to implement long and complex passwords that would be resistant to brute force attacks.

Additional countermeasures include limiting access to system administration interfaces from trusted hosts and networks and implementing network security solutions (Firewalls, Network Intrusion Prevention solutions) in the environment to regulate traffic and detect abnormal traffic patterns.

In cases where customers have installed OpenSSH on systems used to host Mitel applications, they are advised to consult the links provided in the External References section for additional guidance on recommended configuration changes.

Additional recommendations and mitigation will be provided by means of product-specific Security Bulletins referenced above, and this Security Advisory will be updated as new information is available.
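
As an added illustration (not part of this advisory, nor Mitel's or OpenSSH's own code), the following Python checks an sshd_config fragment for the settings that govern the bypass described above and counts failed attempts per sshd connection in auth-log lines to flag connections that went past MaxAuthTries. It assumes OpenSSH 6.x-era defaults, that the time bound mentioned in the Detailed Description is sshd's LoginGraceTime, and that disabling keyboard-interactive authentication (ChallengeResponseAuthentication, later renamed KbdInteractiveAuthentication) removes the bypass path; the log lines are constructed.

```python
# Added example, not from the Mitel advisory: audit sshd_config for the settings that bound
# CVE-2015-5600 exposure and flag sshd connections whose failed attempts exceed MaxAuthTries.
import re
from collections import Counter

# Values sshd applies when a directive is absent (assumed OpenSSH 6.x-era defaults).
DEFAULTS = {"maxauthtries": "6", "logingracetime": "120",
            "challengeresponseauthentication": "yes", "passwordauthentication": "yes"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600}  # LoginGraceTime suffixes

def parse_sshd_config(text):
    """Return {lowercase directive: lowercase value}; comments and blank lines are skipped."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            conf[key.lower()] = value.strip().lower()
    return conf

def audit_sshd_config(text):
    """List the reasons this configuration leaves the MaxAuthTries bypass usable."""
    conf, findings = parse_sshd_config(text), []
    # The bypass repeats keyboard-interactive prompts; with that method off there is nothing to repeat.
    if conf.get("kbdinteractiveauthentication", conf["challengeresponseauthentication"]) != "no":
        findings.append("keyboard-interactive enabled: MaxAuthTries can be bypassed")
    # Once bypassed, LoginGraceTime is the only bound on attempts within one connection.
    number, unit = re.fullmatch(r"(\d+)([smh]?)", conf["logingracetime"]).groups()
    if int(number) * UNITS[unit] > 30:
        findings.append("LoginGraceTime %s: long window per connection" % conf["logingracetime"])
    if conf["passwordauthentication"] != "no":
        findings.append("password authentication enabled: brute force remains possible")
    return findings

# sshd forks one child per connection, so failures per (pid, source) are failures per connection.
FAILED = re.compile(r"sshd\[(\d+)\]: Failed \S+ for (?:invalid user )?\S+ from (\S+)")

def connections_over_limit(log_lines, max_auth_tries=6):
    """Return {(pid, src): failures} for connections that logged more failures than MaxAuthTries."""
    per_conn = Counter()
    for line in log_lines:
        m = FAILED.search(line)
        if m:
            per_conn[m.groups()] += 1
    return {k: n for k, n in per_conn.items() if n > max_auth_tries}

# Constructed sample log: pid 2001 stopped at the limit, pid 2002 ran past it.
SAMPLE_LOG = ["Sep  4 10:00:%02d pbx sshd[2001]: Failed password for root from 192.0.2.10 port 40001 ssh2" % i for i in range(6)]
SAMPLE_LOG.append("Sep  4 10:00:06 pbx sshd[2001]: Disconnecting: Too many authentication failures for root")
SAMPLE_LOG += ["Sep  4 10:01:%02d pbx sshd[2002]: Failed keyboard-interactive/pam for root from 198.51.100.7 port 40002 ssh2" % i for i in range(9)]
```

Connections reported by connections_over_limit are ones sshd should have closed at MaxAuthTries, which is the observable symptom of the bypass on an unpatched host.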

External References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5600
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5600
https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/

Related CVEs / Advisories

CVE-2015-5600
