CVE-2016-0778

Severity: High

Description

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

References

https://support.apple.com/HT206167

https://security.gentoo.org/glsa/201601-01

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://bto.bluecoat.com/security-advisory/sa109

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

http://www.ubuntu.com/usn/USN-2869-1

http://www.securitytracker.com/id/1034671

http://www.securityfocus.com/bid/80698

http://www.securityfocus.com/archive/1/537295/100/0/threaded

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.openssh.com/txt/release-7.1p2

http://www.debian.org/security/2016/dsa-3446

http://seclists.org/fulldisclosure/2016/Jan/44

http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

Details

Source: Mitre, NVD

Published: 2016-01-14

Updated: 2022-12-13

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High