CVE-2016-0778

Sažetak

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Reference

http://www.openssh.com/txt/release-7.1p2
http://www.openwall.com/lists/oss-security/2016/01/14/7
https://support.apple.com/HT206167
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/80698
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
http://seclists.org/fulldisclosure/2016/Jan/44
https://bto.bluecoat.com/security-advisory/sa109
http://www.debian.org/security/2016/dsa-3446
http://www.ubuntu.com/usn/USN-2869-1
https://security.gentoo.org/glsa/201601-01
http://www.securitytracker.com/id/1034671
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://www.securityfocus.com/archive/1/537295/100/0/threaded
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-12-2022 - 12:15

Objavljeno

14-01-2016 - 22:59