CVE-2016-0778
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
- http://www.securityfocus.com/archive/1/537295/100/0/threaded
- https://support.apple.com/HT206167
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.openssh.com/txt/release-7.1p2
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
- http://www.securityfocus.com/bid/80698
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
- https://bto.bluecoat.com/security-advisory/sa109
- http://www.securitytracker.com/id/1034671
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
- https://security.gentoo.org/glsa/201601-01
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- http://www.openwall.com/lists/oss-security/2016/01/14/7
- http://seclists.org/fulldisclosure/2016/Jan/44
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
- http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
- http://www.ubuntu.com/usn/USN-2869-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.debian.org/security/2016/dsa-3446
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
- http://www.securityfocus.com/archive/1/537295/100/0/threaded
- https://support.apple.com/HT206167
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.openssh.com/txt/release-7.1p2
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
- http://www.securityfocus.com/bid/80698
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
- https://bto.bluecoat.com/security-advisory/sa109
- http://www.securitytracker.com/id/1034671
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
- https://security.gentoo.org/glsa/201601-01
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- http://www.openwall.com/lists/oss-security/2016/01/14/7
- http://seclists.org/fulldisclosure/2016/Jan/44
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
- http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
- http://www.ubuntu.com/usn/USN-2869-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.debian.org/security/2016/dsa-3446
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.