MGASA-2015-0295

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2015-5600

Published: 28 Jul 2015, 21:01

Last modified:16 Apr 2026, 06:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

28 Jul 2015, 21:01

Published

Vulnerability first disclosed

16 Apr 2026, 06:26

Last Modified

Vulnerability information updated

Description

Updated openssh package fixes security vulnerability The OpenSSH server, when keyboard-interactive challenge response authentication is enabled and PAM is being used (the default configuration in Mageia), can be tricked into allowing more password attempts than the MaxAuthTries setting would normally allow in one connection, which can aid an attacker in brute-force password guessing (CVE-2015-5600).

Affected Systems

mageia•openssh
< 6.2p2-3.4.mga4
mageia•openssh
< 6.6p1-5.3.mga5

References (3)

https://advisories.mageia.org/MGASA-2015-0295.html
https://bugs.mageia.org/show_bug.cgi?id=16456
http://openwall.com/lists/oss-security/2015/07/23/4