CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
oraclesolaris
11.3
openbsdopenssh
5.4
openbsdopenssh
5.4:p1
openbsdopenssh
5.5
openbsdopenssh
5.5:p1
openbsdopenssh
5.6
openbsdopenssh
5.6:p1
openbsdopenssh
5.7
openbsdopenssh
5.7:p1
openbsdopenssh
5.8
openbsdopenssh
5.8:p1
openbsdopenssh
5.9
openbsdopenssh
5.9:p1
openbsdopenssh
6.0
openbsdopenssh
6.0:p1
openbsdopenssh
6.1
openbsdopenssh
6.1:p1
openbsdopenssh
6.2
openbsdopenssh
6.2:p1
openbsdopenssh
6.2:p2
openbsdopenssh
6.3
openbsdopenssh
6.3:p1
openbsdopenssh
6.4
openbsdopenssh
6.4:p1
openbsdopenssh
6.5
openbsdopenssh
6.5:p1
openbsdopenssh
6.6
openbsdopenssh
6.6:p1
openbsdopenssh
6.7
openbsdopenssh
6.7:p1
openbsdopenssh
6.8
openbsdopenssh
6.8:p1
openbsdopenssh
6.9
openbsdopenssh
6.9:p1
openbsdopenssh
7.0
openbsdopenssh
7.0:p1
openbsdopenssh
7.1
openbsdopenssh
7.1:p1
applemac_os_x
10.9.0 ≤
𝑥
≤ 10.9.5
applemac_os_x
10.10.0 ≤
𝑥
≤ 10.10.5
applemac_os_x
10.11.0 ≤
𝑥
≤ 10.11.3
hpvirtual_customer_access_system
𝑥
≤ 15.07
sophosunified_threat_management_software
9.353
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bullseye (security)
1:8.4p1-5+deb11u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
sid
1:9.9p1-3
fixed
trixie
1:9.9p1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
wily
Fixed 1:6.9p1-2ubuntu0.1
released
vivid
Fixed 1:6.7p1-5ubuntu1.4
released
trusty
Fixed 1:6.6p1-2ubuntu2.4
released
precise
Fixed 1:5.9p1-5ubuntu1.8
released
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
http://seclists.org/fulldisclosure/2016/Jan/44
http://www.debian.org/security/2016/dsa-3446
http://www.openssh.com/txt/release-7.1p2
http://www.openwall.com/lists/oss-security/2016/01/14/7
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/archive/1/537295/100/0/threaded
http://www.securityfocus.com/bid/80698
http://www.securitytracker.com/id/1034671
http://www.ubuntu.com/usn/USN-2869-1
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
https://bto.bluecoat.com/security-advisory/sa109
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://security.gentoo.org/glsa/201601-01
https://support.apple.com/HT206167
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
http://seclists.org/fulldisclosure/2016/Jan/44
http://www.debian.org/security/2016/dsa-3446
http://www.openssh.com/txt/release-7.1p2
http://www.openwall.com/lists/oss-security/2016/01/14/7
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/archive/1/537295/100/0/threaded
http://www.securityfocus.com/bid/80698
http://www.securitytracker.com/id/1034671
http://www.ubuntu.com/usn/USN-2869-1
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
https://bto.bluecoat.com/security-advisory/sa109
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://security.gentoo.org/glsa/201601-01
https://support.apple.com/HT206167