A denial of service vulnerability was found in openssh. The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Created openssh tracking bugs for this issue:
Affects: fedora-all [bug 1364936]
This issue in OpenSSH is mitigated by the usage of SELinux in Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:2029 https://access.redhat.com/errata/RHSA-2017:2029
(In reply to Dhiru Kholia from comment #5)
> This issue in OpenSSH is mitigated by the usage of SELinux in Red Hat
> Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Can you elaborate on this? My tests don't seem to support that claim for RHEL6 with default policies.
What do your tests show? The CVE was based on the fact that the password hashing is done on the non-truncated password if PAM is not used. However, when PAM is used (which is the default and only supported configuration in RHEL) the password is truncated when unix_chkpwd is invoked during the PAM authentication.
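As an added illustration (not OpenSSH's own code and not from this bug), the shape of the non-PAM code path before and after the fix: the unbounded version hands any password straight to the hash, the bounded version rejects it first. The 1024-byte cap is the value OpenSSH 7.3 adopted in auth-passwd.c; the verifier here is a stand-in that replaces crypt() and only counts how often it is reached.

```c
#include <stddef.h>
#include <string.h>

/* Cap adopted by the OpenSSH 7.3 fix in auth-passwd.c. */
#define MAX_PASSWORD_LEN 1024

/* Number of times the simulated expensive hash was invoked. */
static int hash_calls = 0;

/* Stand-in for crypt(): in sshd this is the expensive step whose CPU cost
 * grows with the password length. Here it only records that it was reached
 * and accepts one constructed secret. */
static int expensive_verify(const char *password)
{
    hash_calls++;
    return strcmp(password, "correct horse") == 0;
}

/* Pre-7.3 behaviour: the password reaches the hash whatever its length,
 * so the client chooses how much work the server does. */
int auth_password_unbounded(const char *password)
{
    return expensive_verify(password);
}

/* Post-7.3 shape: refuse over-long input before any hashing happens.
 * strlen() is a cheap linear scan, not crypt() rounds. */
int auth_password_bounded(const char *password)
{
    if (strlen(password) > MAX_PASSWORD_LEN)
        return 0;
    return expensive_verify(password);
}

/* Constructed test input: one byte longer than the cap. */
const char *constructed_long_password(void)
{
    static char buf[MAX_PASSWORD_LEN + 2];
    memset(buf, 'A', MAX_PASSWORD_LEN + 1);
    buf[MAX_PASSWORD_LEN + 1] = '\0';
    return buf;
}

/* Run one auth function and report how many times the hash was reached. */
int hash_calls_for(int (*auth)(const char *), const char *password)
{
    hash_calls = 0;
    auth(password);
    return hash_calls;
}
```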