Mitel Product Security Advisory - 15-0009

OpenSSH: authentication limits (MaxAuthTries) bypass (CVE-2015-5600)

Advisory ID: 15-0009

Publish Date: 2015-09-04

Revision: 1.0

Summary

A vulnerability in OpenSSH has been identified which, under specific circumstances, would allow a remote attacker to bypass the MaxAuthTries setting, enabling brute-force attacks against passwords.

Detailed Description

OpenSSH allows for the setting of an authentication threshold. By design, exceeding this limit will result in the connection being closed.

This OpenSSH vulnerability allows an attacker to bypass that limit and request many password prompts, the only remaining bound being a time value set by a separate SSH server configuration parameter.

By means of this vulnerability, an attacker can initiate a large number of authentication attempts.

Windows based products and those using Mitel Standard Linux (MSL) are not affected. See the Affected Products section for a list of products confirmed to be affected.

Affected Products

The following products have been identified as affected:

Product Name                                                             | Product Versions        | Security Bulletin | Last Updated
-------------------------------------------------------------------------|-------------------------|-------------------|-------------
Convergence 4675                                                         | 4675.42.11 and earlier  | 15-0009-001       | 2015-09-04
Convergence 6719                                                         | 6719.34.11 and earlier  | 15-0009-001       | 2015-09-04
FMC Controller (Comdasys MC Controller, Mitel Mobile Client Controller)  | 10684.21.7 and earlier  | 15-0009-001       | 2015-09-04
FMC Controller for Intelligate                                           | 10684.16.12 and earlier | 15-0009-001       | 2015-09-04
Mitel 700                                                                | 5.0, 6.0                | 15-0009-002       | 2015-09-04
MiVoice MX-ONE                                                           | 5.0, 6.0                | 15-0009-002       | 2015-09-04
MX-ONE Manager (Provisioning)                                            | 5.0, 6.0                | 15-0009-002       | 2015-09-04
MX-ONE Manager (Telephony System)                                        | 5.0, 6.0                | 15-0009-002       | 2015-09-04

Products Under Investigation

Mitel continues to evaluate products within the Mitel portfolio. The list of affected products above will be updated as new information is received.

Products Not Affected

Products using Mitel Standard Linux (MSL) are not affected; neither are other solutions that do not ship with OpenSSH (for example, Windows applications).

Risk Assessment

CVE-2015-5600 was assigned a CVSS v2 score of 8.5 and a risk rating of High. As part of Mitel’s analysis, the risk was rated lower as a result of environmental and product-specific considerations.

Refer to Mitel product Security Bulletins for additional statements regarding product-specific risk.

Mitigation / Recommended Action

As part of security best practice, customers are advised to implement long and complex passwords that would be resistant to brute force attacks.

Additional countermeasures include limiting access to system administration interfaces from trusted hosts and networks and implementing network security solutions (Firewalls, Network Intrusion Prevention solutions) in the environment to regulate traffic and detect abnormal traffic patterns.
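The "abnormal traffic patterns" this vulnerability produces are visible in the SSH server's own authentication log: a long run of failed authentications from one source address, typically all on the same client port because the bypass keeps a single connection open. The following script is an added example, not Mitel's or the OpenSSH project's code; the log lines it analyses are constructed for the example (documentation-range addresses, invented timestamps and process ids) and the threshold value is an assumption to be tuned per environment.

```shell
#!/bin/sh
# Added example (not Mitel's or OpenSSH's code): flag source addresses with an
# abnormal number of failed sshd authentications. Many failures from one
# source, especially "keyboard-interactive/pam" failures on a single
# connection, are the pattern a MaxAuthTries bypass leaves in the auth log.

# Report each source IP with at least THRESHOLD failures as "IP COUNT PORTS",
# where PORTS is the number of distinct client ports (connections) involved.
# A high count over very few ports means the failures came from few sessions,
# which is the signature of repeated prompts inside one connection.
count_failed_auth() {
    awk -v thr="$2" '
        /sshd\[[0-9]+\]: Failed (password|keyboard-interactive)/ {
            ip = ""; port = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "from") ip = $(i + 1)
                if ($i == "port") port = $(i + 1)
            }
            if (ip == "") next
            fails[ip]++
            if (!((ip, port) in seen)) { seen[ip, port] = 1; ports[ip]++ }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= thr) print ip, fails[ip], ports[ip]
        }' "$1"
}

# Constructed sample log (addresses from documentation ranges, not real hosts).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Jul 16 10:00:01 pbx sshd[2011]: Accepted publickey for admin from 192.0.2.9 port 40100 ssh2
Jul 16 10:00:05 pbx sshd[2012]: Failed password for admin from 198.51.100.7 port 50201 ssh2
Jul 16 10:00:09 pbx sshd[2012]: Failed password for admin from 198.51.100.7 port 50201 ssh2
Jul 16 10:01:00 pbx sshd[2020]: Failed keyboard-interactive/pam for root from 203.0.113.5 port 51234 ssh2
Jul 16 10:01:01 pbx sshd[2020]: Failed keyboard-interactive/pam for root from 203.0.113.5 port 51234 ssh2
Jul 16 10:01:02 pbx sshd[2020]: Failed keyboard-interactive/pam for root from 203.0.113.5 port 51234 ssh2
Jul 16 10:01:03 pbx sshd[2020]: Failed keyboard-interactive/pam for root from 203.0.113.5 port 51234 ssh2
Jul 16 10:01:04 pbx sshd[2020]: Failed keyboard-interactive/pam for root from 203.0.113.5 port 51234 ssh2
Jul 16 10:01:05 pbx sshd[2020]: Failed keyboard-interactive/pam for root from 203.0.113.5 port 51234 ssh2
Jul 16 10:01:06 pbx sshd[2020]: Failed keyboard-interactive/pam for root from 203.0.113.5 port 51234 ssh2
EOF

# Usage: count_failed_auth /var/log/auth.log 5
count_failed_auth "$SAMPLE_LOG" 5
```

On the sample data the script reports only 203.0.113.5 (seven failures over a single connection); the two password failures from 198.51.100.7 stay below the threshold. On a real system point it at the sshd log (auth.log or secure, depending on the distribution) and feed the result to whatever alerting or blocking mechanism the environment already uses.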

In cases where customers have installed OpenSSH on systems used to host Mitel applications, they are advised to consult the links provided in the External References section for additional guidance on recommended configuration changes.
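For administrators who maintain their own OpenSSH installation, the configuration changes that matter for this issue are all in sshd_config: disable keyboard-interactive authentication where it is not needed (ChallengeResponseAuthentication, or KbdInteractiveAuthentication on newer releases), keep LoginGraceTime short since it is the only bound on the bypassed attempts, keep MaxAuthTries low so patched servers still enforce a tight limit, and prefer key-based over password authentication. The script below is an added example, not Mitel's or the OpenSSH project's code; it audits a given sshd_config against those four settings. The thresholds it applies (LoginGraceTime of at most 30 seconds, MaxAuthTries of at most 3) are this example's assumptions, not values stated in the advisory.

```shell
#!/bin/sh
# Added example (not Mitel's or OpenSSH's code): audit an sshd_config for the
# settings that matter most against CVE-2015-5600, where keyboard-interactive
# logins can be used to exceed MaxAuthTries until LoginGraceTime expires.
# Thresholds (LoginGraceTime <= 30s, MaxAuthTries <= 3) are this script's
# assumptions, not values taken from the advisory.

# Print the effective value of one directive (lowercase key), or nothing if
# unset. Mirrors sshd behaviour: comments are ignored, the first occurrence
# wins, and parsing stops at the first "Match" block because directives after
# it are conditional.
get_directive() {
    awk -v key="$2" '
        {
            line = $0
            sub(/#.*/, "", line)              # strip comments
            sub(/^[ \t]+/, "", line)          # strip leading whitespace
            n = split(line, f, /[ \t=]+/)     # "Key value" or "Key=value"
            if (n == 0 || f[1] == "") next
            k = tolower(f[1])
            if (k == "match") exit
            if (k == key) { print tolower(f[2]); exit }
        }' "$1"
}

# Convert sshd time values (30, 30s, 2m, 1h) to seconds; single-unit form only.
to_seconds() {
    case "$1" in
        *h) echo $(( ${1%h} * 3600 )) ;;
        *m) echo $(( ${1%m} * 60 )) ;;
        *s) echo "${1%s}" ;;
        *)  echo "$1" ;;
    esac
}

# Audit one file. Prints one FINDING line per weak setting and returns the
# number of findings, so a zero exit status means nothing was flagged.
audit_sshd_config() {
    file=$1
    findings=0

    cra=$(get_directive "$file" challengeresponseauthentication)
    kbd=$(get_directive "$file" kbdinteractiveauthentication)
    # Both default to "yes"; an explicit "no" on either name disables
    # keyboard-interactive (ChallengeResponseAuthentication is the older alias).
    if [ "$cra" != "no" ] && [ "$kbd" != "no" ]; then
        echo "FINDING: keyboard-interactive authentication is enabled (set ChallengeResponseAuthentication no, or KbdInteractiveAuthentication no on newer releases, if unused)"
        findings=$((findings + 1))
    fi

    lgt=$(get_directive "$file" logingracetime)
    lgt_s=$(to_seconds "${lgt:-120}")       # sshd default is 120 seconds
    if [ "$lgt_s" -gt 30 ]; then
        echo "FINDING: LoginGraceTime is ${lgt_s}s; the bypassed attempts are bounded only by this value, so lower it"
        findings=$((findings + 1))
    fi

    mat=$(get_directive "$file" maxauthtries)
    if [ "${mat:-6}" -gt 3 ]; then
        echo "FINDING: MaxAuthTries is ${mat:-6} (sshd default 6); a lower value keeps the limit tight once the server is patched"
        findings=$((findings + 1))
    fi

    pwa=$(get_directive "$file" passwordauthentication)
    if [ "${pwa:-yes}" = "yes" ]; then
        echo "FINDING: PasswordAuthentication is enabled; key-based authentication removes the brute-force target entirely"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config   (exit status = number of findings)
if [ "$#" -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

A file that sets none of these directives is reported with all four findings, because sshd's defaults (keyboard-interactive on, 120-second grace time, six tries, password authentication on) are exactly the conditions the bypass relies on. Settings placed under a Match block are deliberately not read, so a conditional exception (for example, password logins allowed only from a management subnet) does not mask or trigger a finding.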

Additional recommendations and mitigation will be provided by means of product-specific Security Bulletins referenced above, and this Security Advisory will be updated as new information is available.

External References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5600
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5600
https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/

Related CVEs / Advisories

CVE-2015-5600