CVE-2016-6515 F5 BIG-IP ASM OpenSSH Denial of Service Vulnerability (K31510510)

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Affected Versions:
BIG-IP ASM 11.4.0 - 11.6.1
BIG-IP ASM 11.2.1
BIG-IP ASM 10.2.1 - 10.2.4

QID Detection Logic:
This authenticated QID checks for the vulnerable versions of F5 BIG-IP devices.

Successful exploitation allows an attacker to disrupt service.

Customers are advised to refer to K31510510 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

K31510510