CVE-2016-0777

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
sophosunified_threat_management_software
9.318
sophosunified_threat_management_software
9.353
oraclesolaris
11.3
openbsdopenssh
5.0
openbsdopenssh
5.0:p1
openbsdopenssh
5.1
openbsdopenssh
5.1:p1
openbsdopenssh
5.2
openbsdopenssh
5.2:p1
openbsdopenssh
5.3
openbsdopenssh
5.3:p1
openbsdopenssh
5.4
openbsdopenssh
5.4:p1
openbsdopenssh
5.5
openbsdopenssh
5.5:p1
openbsdopenssh
5.6
openbsdopenssh
5.6:p1
openbsdopenssh
5.7
openbsdopenssh
5.7:p1
openbsdopenssh
5.8
openbsdopenssh
5.8:p1
openbsdopenssh
5.9
openbsdopenssh
5.9:p1
openbsdopenssh
6.0
openbsdopenssh
6.0:p1
openbsdopenssh
6.1
openbsdopenssh
6.1:p1
openbsdopenssh
6.2
openbsdopenssh
6.2:p1
openbsdopenssh
6.2:p2
openbsdopenssh
6.3
openbsdopenssh
6.3:p1
openbsdopenssh
6.4
openbsdopenssh
6.4:p1
openbsdopenssh
6.5
openbsdopenssh
6.5:p1
openbsdopenssh
6.6
openbsdopenssh
6.6:p1
openbsdopenssh
6.7
openbsdopenssh
6.7:p1
openbsdopenssh
6.8
openbsdopenssh
6.8:p1
openbsdopenssh
6.9
openbsdopenssh
6.9:p1
openbsdopenssh
7.0
openbsdopenssh
7.0:p1
openbsdopenssh
7.1
openbsdopenssh
7.1:p1
hpremote_device_access_virtual_customer_access_system
𝑥
≤ 15.07
applemac_os_x
𝑥
≤ 10.11.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
bullseye (security)
1:8.4p1-5+deb11u3
fixed
sid
1:9.9p1-3
fixed
trixie
1:9.9p1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
precise
Fixed 1:5.9p1-5ubuntu1.8
released
trusty
Fixed 1:6.6p1-2ubuntu2.4
released
vivid
Fixed 1:6.7p1-5ubuntu1.4
released
wily
Fixed 1:6.9p1-2ubuntu0.1
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
openssh
RHEL 7
0:6.6.1p1-23.el7_2
fixed
openssh-askpass
RHEL 7
0:6.6.1p1-23.el7_2
fixed
openssh-clients
RHEL 7
0:6.6.1p1-23.el7_2
fixed
openssh-keycat
RHEL 7
0:6.6.1p1-23.el7_2
fixed
openssh-ldap
RHEL 7
0:6.6.1p1-23.el7_2
fixed
openssh-server
RHEL 7
0:6.6.1p1-23.el7_2
fixed
openssh-server-sysvinit
RHEL 7
0:6.6.1p1-23.el7_2
fixed
pam
RHEL 7
0:0.9.3-9.23.el7_2
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
openssh
Amazon Linux 1
0:6.6.1p1-23.59.amzn1
fixed
openssh-clients
Amazon Linux 1
0:6.6.1p1-23.59.amzn1
fixed
openssh-debuginfo
Amazon Linux 1
0:6.6.1p1-23.59.amzn1
fixed
openssh-keycat
Amazon Linux 1
0:6.6.1p1-23.59.amzn1
fixed
openssh-ldap
Amazon Linux 1
0:6.6.1p1-23.59.amzn1
fixed
openssh-server
Amazon Linux 1
0:6.6.1p1-23.59.amzn1
fixed
pam_ssh_agent_auth
Amazon Linux 1
0:0.9.3-9.23.59.amzn1
fixed
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
http://seclists.org/fulldisclosure/2016/Jan/44
http://www.debian.org/security/2016/dsa-3446
http://www.openssh.com/txt/release-7.1p2
http://www.openwall.com/lists/oss-security/2016/01/14/7
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/archive/1/537295/100/0/threaded
http://www.securityfocus.com/bid/80695
http://www.securitytracker.com/id/1034671
http://www.ubuntu.com/usn/USN-2869-1
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
https://bto.bluecoat.com/security-advisory/sa109
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
https://security.gentoo.org/glsa/201601-01
https://support.apple.com/HT206167
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
http://seclists.org/fulldisclosure/2016/Jan/44
http://www.debian.org/security/2016/dsa-3446
http://www.openssh.com/txt/release-7.1p2
http://www.openwall.com/lists/oss-security/2016/01/14/7
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/archive/1/537295/100/0/threaded
http://www.securityfocus.com/bid/80695
http://www.securitytracker.com/id/1034671
http://www.ubuntu.com/usn/USN-2869-1
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
https://bto.bluecoat.com/security-advisory/sa109
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
https://security.gentoo.org/glsa/201601-01
https://support.apple.com/HT206167