CVE-2016-0778 Information
Share on:Description
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x 6.x and 7.x before 7.1p2 when certain proxy and forward options are enabled do not properly maintain connection file descriptors which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html http://seclists.org/fulldisclosure/2016/Jan/44 http://www.debian.org/security/2016/dsa-3446 http://www.openssh.com/txt/release-7.1p2 http://www.openwall.com/lists/oss-security/2016/01/14/7 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/archive/1/537295/100/0/threaded http://www.securityfocus.com/bid/80698 http://www.securitytracker.com/id/1034671 http://www.ubuntu.com/usn/USN-2869-1 https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ https://bto.bluecoat.com/security-advisory/sa109 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://security.gentoo.org/glsa/201601-01 https://support.apple.com/HT206167
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.1