CVE-2016-0777

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Published: 2016-01-14 22:59
Updated: 2019-02-20 16:58

CVSS Score: 4.0 / 10
Vendor Product Version URI
Apple Mac Os X 10.11.3 cpe:/o:apple:mac_os_x:10.11.3
Openbsd Openssh 6.5 cpe:/a:openbsd:openssh:6.5:p1
Openbsd Openssh 6.4 cpe:/a:openbsd:openssh:6.4:p1
Openbsd Openssh 6.3 cpe:/a:openbsd:openssh:6.3:p1
Openbsd Openssh 6.2 cpe:/a:openbsd:openssh:6.2:p1
Openbsd Openssh 6.9 cpe:/a:openbsd:openssh:6.9
Openbsd Openssh 6.9 cpe:/a:openbsd:openssh:6.9:p1
Oracle Linux 7.0 cpe:/o:oracle:linux:7.0
Openbsd Openssh 6.8 cpe:/a:openbsd:openssh:6.8
Openbsd Openssh 6.8 cpe:/a:openbsd:openssh:6.8:p1
Openbsd Openssh 6.7 cpe:/a:openbsd:openssh:6.7:p1
Openbsd Openssh 6.6 cpe:/a:openbsd:openssh:6.6:p1
Openbsd Openssh 6.1 cpe:/a:openbsd:openssh:6.1:p1
Openbsd Openssh 6.2 cpe:/a:openbsd:openssh:6.2:p2
Openbsd Openssh 6.0 cpe:/a:openbsd:openssh:6.0:p1
Openbsd Openssh 5.0 cpe:/a:openbsd:openssh:5.0
Openbsd Openssh 5.6 cpe:/a:openbsd:openssh:5.6
Openbsd Openssh 5.5 cpe:/a:openbsd:openssh:5.5
Openbsd Openssh 5.8 cpe:/a:openbsd:openssh:5.8
Openbsd Openssh 5.7 cpe:/a:openbsd:openssh:5.7
Openbsd Openssh 5.2 cpe:/a:openbsd:openssh:5.2
Openbsd Openssh 7.0 cpe:/a:openbsd:openssh:7.0
Openbsd Openssh 5.1 cpe:/a:openbsd:openssh:5.1
Openbsd Openssh 5.4 cpe:/a:openbsd:openssh:5.4
Oracle Solaris 11.3 cpe:/o:oracle:solaris:11.3
Openbsd Openssh 5.3 cpe:/a:openbsd:openssh:5.3
Openbsd Openssh 7.1 cpe:/a:openbsd:openssh:7.1
Sophos Unified Threat Management Software 9.318 cpe:/a:sophos:unified_threat_management_software:9.318
Sophos Unified Threat Management Software 9.353 cpe:/a:sophos:unified_threat_management_software:9.353
Openbsd Openssh 5.6 cpe:/a:openbsd:openssh:5.6:p1
Openbsd Openssh 5.5 cpe:/a:openbsd:openssh:5.5:p1
Openbsd Openssh 5.4 cpe:/a:openbsd:openssh:5.4:p1
Openbsd Openssh 5.3 cpe:/a:openbsd:openssh:5.3:p1
Openbsd Openssh 7.1 cpe:/a:openbsd:openssh:7.1:p1
Openbsd Openssh 5.9 cpe:/a:openbsd:openssh:5.9:p1
Openbsd Openssh 5.9 cpe:/a:openbsd:openssh:5.9
Openbsd Openssh 5.8 cpe:/a:openbsd:openssh:5.8:p1
Openbsd Openssh 5.7 cpe:/a:openbsd:openssh:5.7:p1
Openbsd Openssh 5.2 cpe:/a:openbsd:openssh:5.2:p1
Openbsd Openssh 7.0 cpe:/a:openbsd:openssh:7.0:p1
Openbsd Openssh 5.1 cpe:/a:openbsd:openssh:5.1:p1
Hp Remote Device Access Virtual Customer Access System 15.07 cpe:/a:hp:remote_device_access_virtual_customer_access_system:15.07
Openbsd Openssh 5.0 cpe:/a:openbsd:openssh:5.0:p1
Openbsd Openssh 6.5 cpe:/a:openbsd:openssh:6.5
Openbsd Openssh 6.4 cpe:/a:openbsd:openssh:6.4
Openbsd Openssh 6.7 cpe:/a:openbsd:openssh:6.7
Openbsd Openssh 6.6 cpe:/a:openbsd:openssh:6.6
Openbsd Openssh 6.1 cpe:/a:openbsd:openssh:6.1
Openbsd Openssh 6.0 cpe:/a:openbsd:openssh:6.0
Openbsd Openssh 6.3 cpe:/a:openbsd:openssh:6.3
Openbsd Openssh 6.2 cpe:/a:openbsd:openssh:6.2
  1. Apple (1)
    1. Mac Os X (1)
      1. 10.11.3
  2. Hp (1)
    1. Remote Device Access Virtual Customer Access System (1)
      1. 15.07
  3. Openbsd (1)
    1. Openssh (22)
      1. 6.5
      2. 6.4
      3. 6.3
      4. 6.2
      5. 6.9
      6. 6.8
      7. 6.7
      8. 6.6
      9. 6.1
      10. 6.0
      11. 5.0
      12. 5.6
      13. 5.5
      14. 5.8
      15. 5.7
      16. 5.2
      17. 7.0
      18. 5.1
      19. 5.4
      20. 5.3
      21. 7.1
      22. 5.9
  4. Oracle (2)
    1. Solaris (1)
      1. 11.3
    2. Linux (1)
      1. 7.0
  5. Sophos (1)
    1. Unified Threat Management Software (2)
      1. 9.318
      2. 9.353

CWE

ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

References

Source Link
CONFIRM http://www.openssh.com/txt/release-7.1p2
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
CONFIRM http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
CONFIRM https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
CONFIRM https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
CONFIRM https://support.apple.com/HT206167
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
CONFIRM https://bto.bluecoat.com/security-advisory/sa109
MLIST http://www.openwall.com/lists/oss-security/2016/01/14/7
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
DEBIAN http://www.debian.org/security/2016/dsa-3446
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
UBUNTU http://www.ubuntu.com/usn/USN-2869-1
GENTOO https://security.gentoo.org/glsa/201601-01
FULLDISC http://seclists.org/fulldisclosure/2016/Jan/44
SECTRACK http://www.securitytracker.com/id/1034671
BID http://www.securityfocus.com/bid/80695
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
MISC http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
APPLE http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
FREEBSD https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
BUGTRAQ http://www.securityfocus.com/archive/1/537295/100/0/threaded

History of changes

Date Event
2019-02-20 16:58
2018-10-09 19:58
2017-11-21 02:29
2016-01-14 22:59

New CVE