CVE-2016-0778

HIGH

OpenSSH 5.x-7.x < 7.1p2 - Denial of Service via Roaming Connection Descriptor Mismanagement

Title source: llm
STIX 2.1

Description

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

References (31)

Core 31
Core References
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
Mailing List, Release Notes, Third Party Advisory vendor-advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Third Party Advisory, VDB Entry mailing-list
http://www.securityfocus.com/archive/1/537295/100/0/threaded
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/80698
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1034671
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201601-01
Exploit, Mailing List, Technical Description, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2016/01/14/7
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2016/Jan/44
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
Third Party Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2869-1
Third Party Advisory vendor-advisory
http://www.debian.org/security/2016/dsa-3446
Patch, Release Notes, Vendor Advisory
http://www.openssh.com/txt/release-7.1p2

Scores

CVSS v3 8.1
EPSS 0.0091
EPSS Percentile 76.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (23)
apple/mac_os_x 10.9.0 - 10.9.5
hp/virtual_customer_access_system < 15.07
openbsd/openssh 5.4 (2 CPE variants)
openbsd/openssh 5.5 (2 CPE variants)
openbsd/openssh 5.6 (2 CPE variants)
openbsd/openssh 5.7 (2 CPE variants)
openbsd/openssh 5.8 (2 CPE variants)
openbsd/openssh 5.9 (2 CPE variants)
openbsd/openssh 6.0 (2 CPE variants)
openbsd/openssh 6.1 (2 CPE variants)
... and 13 more
Published Jan 14, 2016
Tracked Since Feb 18, 2026