CVE-2016-0777

MEDIUM

OpenSSH <7.1p2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-0777. PoCs published by Abdirisaq-ali-aynab.

AI-analyzed exploit summary: This repository provides a detailed vulnerability assessment for OpenSSH 6.6.1p1, focusing on CVE-2016-0777 and other related CVEs. It includes technical analysis, risk assessment, remediation steps, and MITRE ATT&CK mapping.

Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Exploits (2)

nomisec WRITEUP
by Abdirisaq-ali-aynab · poc
https://github.com/Abdirisaq-ali-aynab/vulnerability-assessment

This repository provides a detailed vulnerability assessment for OpenSSH 6.6.1p1, focusing on CVE-2016-0777 and other related CVEs. It includes technical analysis, risk assessment, remediation steps, and MITRE ATT&CK mapping.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: OpenSSH 6.6.1p1
No auth needed
Prerequisites: Outdated OpenSSH version (6.6.1p1) · Network access to the target system
devstral-2 · analyzed May 01, 2026
nomisec WRITEUP
by Abdirisaq-ali-aynab · poc
https://github.com/Abdirisaq-ali-aynab/openssh-vulnerability-assessment

This repository contains a detailed vulnerability assessment writeup for OpenSSH 6.6.1p1, focusing on CVE-2015-5600 and other related CVEs. It includes technical analysis, remediation steps, and MITRE ATT&CK mappings but does not contain exploit code.

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: N/a
Reliability: N/a
Target: OpenSSH 6.6.1p1
No auth needed
Prerequisites: Outdated OpenSSH version (6.6.1p1) · Network access to the target system
devstral-2 · analyzed Feb 16, 2026

References (34)

Core References
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Third Party Advisory, VDB Entry mailing-list
http://www.securityfocus.com/archive/1/537295/100/0/threaded
Third Party Advisory
https://support.apple.com/HT206167
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/80695
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1034671
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201601-01
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2016/01/14/7
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2016/Jan/44
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
Third Party Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2869-1
Third Party Advisory vendor-advisory
http://www.debian.org/security/2016/dsa-3446

Scores

CVSS v3 6.5
EPSS 0.6347
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE: CWE-200
Status: published
Products (27)
apple/mac_os_x < 10.11.3
hp/remote_device_access_virtual_customer_access_system < 15.07
openbsd/openssh 5.0 (2 CPE variants)
openbsd/openssh 5.1 (2 CPE variants)
openbsd/openssh 5.2 (2 CPE variants)
openbsd/openssh 5.3 (2 CPE variants)
openbsd/openssh 5.4 (2 CPE variants)
openbsd/openssh 5.5 (2 CPE variants)
openbsd/openssh 5.6 (2 CPE variants)
openbsd/openssh 5.7 (2 CPE variants)
... and 17 more
Published Jan 14, 2016
Tracked Since Feb 18, 2026