Vulnerability CVE-2016-0778
Published: 2016-01-14   Modified: 2016-01-15

Description:
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

See advisories in our WLB2 database:
Topic
Author
Date
High
OpenSSH client Information Leak and Buffer Overflow
Qualys
15.01.2016

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:H/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Remote
High
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Sophos -> Unified threat management software 
Oracle -> Linux 
Oracle -> Solaris 
Openbsd -> Openssh 
HP -> Virtual customer access system 
Apple -> Mac os x 

 References:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
http://seclists.org/fulldisclosure/2016/Jan/44
http://www.debian.org/security/2016/dsa-3446
http://www.openssh.com/txt/release-7.1p2
http://www.openwall.com/lists/oss-security/2016/01/14/7
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/archive/1/537295/100/0/threaded
http://www.securityfocus.com/bid/80698
http://www.securitytracker.com/id/1034671
http://www.ubuntu.com/usn/USN-2869-1
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
https://bto.bluecoat.com/security-advisory/sa109
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://security.gentoo.org/glsa/201601-01
https://support.apple.com/HT206167
Copyright 2024, cxsecurity.com

 

Back to Top