A vulnerability in OpenSSH might allow remote attackers to determine valid usernames.
Package | net-misc/openssh on all architectures |
---|---|
Affected versions | < 7.7_p1-r8 |
Unaffected versions | >= 7.7_p1-r8 |
OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support.
It was discovered that OpenSSH was prone to a user enumeration vulnerability.
A remote attacker could conduct user enumeration.
There is no known workaround at this time.
All OpenSSH users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.7_p1-r8"
Release date
October 06, 2018
Latest revision
October 06, 2018: 1
Severity
low
Exploitable
remote
Bugzilla entries