Are SonicWall firewalls vulnerable against CVE-2016-6515?

Description

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Resolution

SonicOS (firewall) is not vulnerable as it does not use OpenSSH code for authentication.

References used:

  • https://nvd.nist.gov/vuln/detail/CVE-2016-6515

Related Articles

  • SSH password authentication fails after OpenSSH upgrade
    Read More
  • Where can I download SonicWall stencils?
    Read More
  • Configuring High Availability Monitoring settings
    Read More

Categories

Firewalls
SonicWall NSA Series
Firmware
Firewalls
SonicWall SuperMassive 9000 Series
Firmware
Firewalls
TZ Series
Firmware
not finding your answers?
Ask the Community
Chat