CVE-2016-0777 Information
Share on:Description
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x 6.x and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer as demonstrated by reading a private key.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Reference
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html http://seclists.org/fulldisclosure/2016/Jan/44 http://www.debian.org/security/2016/dsa-3446 http://www.openssh.com/txt/release-7.1p2 http://www.openwall.com/lists/oss-security/2016/01/14/7 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/archive/1/537295/100/0/threaded http://www.securityfocus.com/bid/80695 http://www.securitytracker.com/id/1034671 http://www.ubuntu.com/usn/USN-2869-1 https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ https://bto.bluecoat.com/security-advisory/sa109 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc https://security.gentoo.org/glsa/201601-01 https://support.apple.com/HT206167
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
6.5