CVE-2016-0777

medium

Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

References

https://support.apple.com/HT206167

https://security.gentoo.org/glsa/201601-01

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://bto.bluecoat.com/security-advisory/sa109

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

http://www.ubuntu.com/usn/USN-2869-1

http://www.securitytracker.com/id/1034671

http://www.securityfocus.com/bid/80695

http://www.securityfocus.com/archive/1/537295/100/0/threaded

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.openwall.com/lists/oss-security/2016/01/14/7

http://www.openssh.com/txt/release-7.1p2

http://www.debian.org/security/2016/dsa-3446

http://seclists.org/fulldisclosure/2016/Jan/44

http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

Details

Source: Mitre, NVD

Published: 2016-01-14

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium