Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Published

2016-01-14T22:59:02.280

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	oracle	linux	7	Yes
Operating System	oracle	solaris	11.3	Yes
Application	openbsd	openssh	5.4	Yes
Application	openbsd	openssh	5.4	Yes
Application	openbsd	openssh	5.5	Yes
Application	openbsd	openssh	5.5	Yes
Application	openbsd	openssh	5.6	Yes
Application	openbsd	openssh	5.6	Yes
Application	openbsd	openssh	5.7	Yes
Application	openbsd	openssh	5.7	Yes
Application	openbsd	openssh	5.8	Yes
Application	openbsd	openssh	5.8	Yes
Application	openbsd	openssh	5.9	Yes
Application	openbsd	openssh	5.9	Yes
Application	openbsd	openssh	6.0	Yes
Application	openbsd	openssh	6.0	Yes
Application	openbsd	openssh	6.1	Yes
Application	openbsd	openssh	6.1	Yes
Application	openbsd	openssh	6.2	Yes
Application	openbsd	openssh	6.2	Yes
Application	openbsd	openssh	6.2	Yes
Application	openbsd	openssh	6.3	Yes
Application	openbsd	openssh	6.3	Yes
Application	openbsd	openssh	6.4	Yes
Application	openbsd	openssh	6.4	Yes
Application	openbsd	openssh	6.5	Yes
Application	openbsd	openssh	6.5	Yes
Application	openbsd	openssh	6.6	Yes
Application	openbsd	openssh	6.6	Yes
Application	openbsd	openssh	6.7	Yes
Application	openbsd	openssh	6.7	Yes
Application	openbsd	openssh	6.8	Yes
Application	openbsd	openssh	6.8	Yes
Application	openbsd	openssh	6.9	Yes
Application	openbsd	openssh	6.9	Yes
Application	openbsd	openssh	7.0	Yes
Application	openbsd	openssh	7.0	Yes
Application	openbsd	openssh	7.1	Yes
Application	openbsd	openssh	7.1	Yes
Operating System	apple	mac_os_x	≤ 10.9.5	Yes
Operating System	apple	mac_os_x	≤ 10.10.5	Yes
Operating System	apple	mac_os_x	≤ 10.11.3	Yes
Operating System	hp	virtual_customer_access_system	≤ 15.07	Yes
Application	sophos	unified_threat_management_software	9.353	Yes

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 Third Party Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html Mailing List, Release Notes, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html Mailing List, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/fulldisclosure/2016/Jan/44 Mailing List, Third Party Advisory ([email protected])
http://www.debian.org/security/2016/dsa-3446 Third Party Advisory ([email protected])
http://www.openssh.com/txt/release-7.1p2 Patch, Release Notes, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/01/14/7 Exploit, Mailing List, Technical Description, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/537295/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/80698 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1034671 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/USN-2869-1 Third Party Advisory ([email protected])
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ Release Notes, Vendor Advisory ([email protected])
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ Release Notes, Vendor Advisory ([email protected])
https://bto.bluecoat.com/security-advisory/sa109 Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201601-01 Third Party Advisory ([email protected])
https://support.apple.com/HT206167 Vendor Advisory ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html Mailing List, Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/Jan/44 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3446 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openssh.com/txt/release-7.1p2 Patch, Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/01/14/7 Exploit, Mailing List, Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/537295/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/80698 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034671 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2869-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bto.bluecoat.com/security-advisory/sa109 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201601-01 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT206167 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)