OpenSSH remote DoS in Universal Robots CB 3.1

by vmayoral

We found that the Debian-based file system of the Universal Robots controllers is subject to CVE-2016-6210, which allows attackers with network connectivity to the robot to cause a Denial of Service (DoS). The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Affects:

  • Universal Robots CB3.1, firmware version 3.12.1
  • Universal Robots CB3.1, firmware version 3.12
  • Universal Robots CB3.1, firmware version 3.11
  • Universal Robots CB3.1, firmware version 3.10
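
The two conditions named above (OpenSSH before 7.3, password authentication in use) can be checked on a controller from its SSH identification string and the output of `sshd -T`. The following is an added example, not part of the original advisory; the function names and the sample banner and configuration are constructed for illustration.

```python
import re

# Upstream release named in the advisory text: "OpenSSH before 7.3".
FIXED = (7, 3)
BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+)\.(\d+)")

# Constructed sample inputs (not captured from a real controller).
SAMPLE_BANNER = "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2"
SAMPLE_SSHD_T = "port 22\npermitrootlogin yes\npasswordauthentication yes\n"


def openssh_version(banner):
    """Return (major, minor) from an SSH identification string, or None."""
    m = BANNER_RE.match(banner.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def effective_options(sshd_t_output):
    """Parse `sshd -T` output ('keyword value' per line) into a dict."""
    opts = {}
    for line in sshd_t_output.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            # Keep the first occurrence of each keyword.
            opts.setdefault(parts[0].lower(), parts[1].strip())
    return opts


def assess(banner, sshd_t_output):
    """Classify exposure as 'exposed', 'reduced', 'not-affected' or 'unknown'."""
    version = openssh_version(banner)
    if version is None:
        return "unknown"          # not an OpenSSH banner
    if version >= FIXED:
        return "not-affected"     # upstream 7.3 or later
    opts = effective_options(sshd_t_output)
    # PasswordAuthentication defaults to "yes" when it is not set.
    if opts.get("passwordauthentication", "yes").lower() != "yes":
        return "reduced"          # old sshd, but password auth is disabled
    return "exposed"              # old sshd with password auth enabled


if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_SSHD_T))
```

The banner only reports the upstream version string. Distribution packages can carry a backported fix without changing it, so an "exposed" result should be confirmed against the installed package's changelog.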