Description
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Exploits (2)
nomisec
WRITEUP
by Abdirisaq-ali-aynab · poc
https://github.com/Abdirisaq-ali-aynab/vulnerability-assessment
nomisec
WRITEUP
by Abdirisaq-ali-aynab · poc
https://github.com/Abdirisaq-ali-aynab/openssh-vulnerability-assessment
References (34)
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Mailing List, Third Party Advisory vendor-advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Third Party Advisory, VDB Entry mailing-list
http://www.securityfocus.com/archive/1/537295/100/0/threaded
Mailing List, Third Party Advisory vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/80695
Third Party Advisory vendor-advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
Mailing List, Third Party Advisory vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1034671
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201601-01
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2016/01/14/7
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2016/Jan/44
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
Third Party Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2869-1
Third Party Advisory vendor-advisory
http://www.debian.org/security/2016/dsa-3446
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
Vendor Advisory
http://www.openssh.com/txt/release-7.1p2
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Third Party Advisory
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
Third Party Advisory
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa109
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Third Party Advisory
https://support.apple.com/HT206167
Scores
CVSS v3: 6.5
EPSS: 0.6720
EPSS Percentile: 98.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (27)
apple/mac_os_x < 10.11.3
hp/remote_device_access_virtual_customer_access_system < 15.07
openbsd/openssh 5.0 (2 CPE variants)
openbsd/openssh 5.1 (2 CPE variants)
openbsd/openssh 5.2 (2 CPE variants)
openbsd/openssh 5.3 (2 CPE variants)
openbsd/openssh 5.4 (2 CPE variants)
openbsd/openssh 5.5 (2 CPE variants)
openbsd/openssh 5.6 (2 CPE variants)
openbsd/openssh 5.7 (2 CPE variants)
... and 17 more
Published: Jan 14, 2016
Tracked Since: Feb 18, 2026