CVE-2016-10708 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
openbsd	openssh	𝑥 < 7.4
debian	debian_linux	7.0
debian	debian_linux	8.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
netapp	cloud_backup	-
netapp	data_ontap	-
netapp	data_ontap_edge	-
netapp	oncommand_unified_manager	9.4 ≤
netapp	service_processor	-
netapp	storagegrid	-
netapp	storagegrid_webscale	-
netapp	clustered_data_ontap	-
netapp	vasa_provider	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssh

bullseye (security)	1:8.4p1-5+deb11u3 fixed
bullseye	1:8.4p1-5+deb11u3 fixed
bookworm	1:9.2p1-2+deb12u3 fixed
bookworm (security)	1:9.2p1-2+deb12u3 fixed
sid	1:9.9p1-3 fixed
trixie	1:9.9p1-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssh

hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	not-affected
bionic	not-affected
artful	not-affected
xenial	Fixed 1:7.2p2-4ubuntu2.6 released
trusty	Fixed 1:6.6p1-2ubuntu2.11 released

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html

http://www.securityfocus.com/bid/102780

https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737

https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html

https://security.netapp.com/advisory/ntap-20180423-0003/

https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS

https://usn.ubuntu.com/3809-1/

https://www.openssh.com/releasenotes.html

http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html

http://www.securityfocus.com/bid/102780

https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737

https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html

https://security.netapp.com/advisory/ntap-20180423-0003/

https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS

https://usn.ubuntu.com/3809-1/

https://www.openssh.com/releasenotes.html