CVE-2016-0777

MEDIUM

OpenSSH <7.1p2 - Info Disclosure

Title source: llm

Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Exploits (1)

nomisec WRITEUP

by Abdirisaq-ali-aynab · poc

https://github.com/Abdirisaq-ali-aynab/openssh-vulnerability-assessment

View Code ZIP pw:eip

References (34)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

[Third Party Advisory] http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2016/Jan/44

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3446

[Vendor Advisory] http://www.openssh.com/txt/release-7.1p2

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/01/14/7

[Third Party Advisory] http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

[Third Party Advisory] http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

... and 14 more

Scores

CVSS v3 6.5

EPSS 0.6720

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (50)

sophos/unified_threat_management_software

sophos/unified_threat_management_software

oracle/linux

oracle/solaris

openbsd/openssh

openbsd/openssh

openbsd/openssh

openbsd/openssh

openbsd/openssh

openbsd/openssh

openbsd/openssh

openbsd/openssh

openbsd/openssh

openbsd/openssh

openbsd/openssh

... and 35 more

Timeline

Published Jan 14, 2016

Tracked Since Feb 18, 2026