CVE ID
CVE-2016-6515
DESCRIPTION
It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords.
RESOLUTION
- CentOS6 based Unitrends' appliances (physical and/or virtual), no fix is required.
- CentOS7 based Unitrends' appliances (physical and/or virtual), fix is in openssh-7.4p1-11.el7 and Unitrends' initial release of CentOS7 was with oepnssh-7.4p1-16.el7.