F5 Networks BIG-IP : OpenSSH vulnerability (K24324390)

medium Nessus Plugin ID 119733

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. (CVE-2016-10011)

Impact

A locally authenticated attacker may be able to exploit this vulnerability and obtain sensitive key information.

Note : No such leak has been observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K24324390.

See Also

https://support.f5.com/csp/article/K24324390

Plugin Details

Severity: Medium

ID: 119733

File Name: f5_bigip_SOL24324390.nasl

Version: 1.6

Type: local

Published: 12/18/2018

Updated: 7/15/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-10011

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_link_controller, cpe:/h:f5:big-ip_protocol_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/h:f5:big-ip, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_webaccelerator

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/26/2017

Vulnerability Publication Date: 1/5/2017

Reference Information

CVE: CVE-2016-10011