CVE-2016-0778
high
CVSS v3
8.1
CVSS v4 NEW
โ
VIR risk
8.1
Description
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Predictions
Exploit likelihood
88%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Apple Security HT ยท View original โ ยท proprietary-no-redistribution
Full prose not cached โ VIR stores only structured fields (affected/fixed versions, references) for this source. Click "View original" above for the vendor's full advisory.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | affected | | |
| debian | bookworm | fixed | 1:7.1p2-1 |
| debian | bullseye | fixed | 1:7.1p2-1 |
| debian | forky | fixed | 1:7.1p2-1 |
| debian | sid | fixed | 1:7.1p2-1 |
| debian | trixie | fixed | 1:7.1p2-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| openbsd | openssh | 5.4 | |
| openbsd | openssh | 5.5 | |
| openbsd | openssh | 5.6 | |
| openbsd | openssh | 5.7 | |
| openbsd | openssh | 5.8 | |
| openbsd | openssh | 5.9 | |
| openbsd | openssh | 6.0 | |
| openbsd | openssh | 6.1 | |
| openbsd | openssh | 6.2 | |
| openbsd | openssh | 6.3 | |
| openbsd | openssh | 6.4 | |
| openbsd | openssh | 6.5 | |
| openbsd | openssh | 6.6 | |
| openbsd | openssh | 6.7 | |
| openbsd | openssh | 6.8 | |
| openbsd | openssh | 6.9 | |
| openbsd | openssh | 7.0 | |
| openbsd | openssh | 7.1 | |
| sophos | unified_threat_management_software | 9.353 | |
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
- http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
- http://seclists.org/fulldisclosure/2016/Jan/44
- http://www.debian.org/security/2016/dsa-3446
- http://www.openssh.com/txt/release-7.1p2
- http://www.openwall.com/lists/oss-security/2016/01/14/7
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/archive/1/537295/100/0/threaded
- http://www.securityfocus.com/bid/80698
- http://www.securitytracker.com/id/1034671
- http://www.ubuntu.com/usn/USN-2869-1
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://bto.bluecoat.com/security-advisory/sa109
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.