CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Published: 2016-01-14 22:59
Updated: 2019-02-20 16:58

CVSS Score: 4.6 / 10
Vendor Product Version URI
Sophos Unified Threat Management Software 9.353 cpe:/a:sophos:unified_threat_management_software:9.353
Openbsd Openssh 5.6 cpe:/a:openbsd:openssh:5.6:p1
Openbsd Openssh 6.5 cpe:/a:openbsd:openssh:6.5:p1
Openbsd Openssh 5.5 cpe:/a:openbsd:openssh:5.5:p1
Openbsd Openssh 6.4 cpe:/a:openbsd:openssh:6.4:p1
Openbsd Openssh 5.4 cpe:/a:openbsd:openssh:5.4:p1
Openbsd Openssh 6.3 cpe:/a:openbsd:openssh:6.3:p1
Openbsd Openssh 6.2 cpe:/a:openbsd:openssh:6.2:p1
Openbsd Openssh 7.1 cpe:/a:openbsd:openssh:7.1:p1
Openbsd Openssh 6.9 cpe:/a:openbsd:openssh:6.9
Openbsd Openssh 6.9 cpe:/a:openbsd:openssh:6.9:p1
Oracle Linux 7.0 cpe:/o:oracle:linux:7.0
Openbsd Openssh 5.9 cpe:/a:openbsd:openssh:5.9:p1
Openbsd Openssh 5.9 cpe:/a:openbsd:openssh:5.9
Openbsd Openssh 6.8 cpe:/a:openbsd:openssh:6.8
Openbsd Openssh 6.8 cpe:/a:openbsd:openssh:6.8:p1
Openbsd Openssh 5.8 cpe:/a:openbsd:openssh:5.8:p1
Openbsd Openssh 6.7 cpe:/a:openbsd:openssh:6.7:p1
Openbsd Openssh 5.7 cpe:/a:openbsd:openssh:5.7:p1
Openbsd Openssh 6.6 cpe:/a:openbsd:openssh:6.6:p1
Apple Mac Os X 10.9.5 cpe:/o:apple:mac_os_x:10.9.5
Openbsd Openssh 6.1 cpe:/a:openbsd:openssh:6.1:p1
Openbsd Openssh 6.2 cpe:/a:openbsd:openssh:6.2:p2
Openbsd Openssh 7.0 cpe:/a:openbsd:openssh:7.0:p1
Openbsd Openssh 6.0 cpe:/a:openbsd:openssh:6.0:p1
Hp Virtual Customer Access System 15.07 cpe:/o:hp:virtual_customer_access_system:15.07
Openbsd Openssh 5.6 cpe:/a:openbsd:openssh:5.6
Openbsd Openssh 6.5 cpe:/a:openbsd:openssh:6.5
Openbsd Openssh 5.5 cpe:/a:openbsd:openssh:5.5
Openbsd Openssh 6.4 cpe:/a:openbsd:openssh:6.4
Openbsd Openssh 5.8 cpe:/a:openbsd:openssh:5.8
Openbsd Openssh 6.7 cpe:/a:openbsd:openssh:6.7
Openbsd Openssh 5.7 cpe:/a:openbsd:openssh:5.7
Openbsd Openssh 6.6 cpe:/a:openbsd:openssh:6.6
Openbsd Openssh 6.1 cpe:/a:openbsd:openssh:6.1
Openbsd Openssh 7.0 cpe:/a:openbsd:openssh:7.0
Openbsd Openssh 6.0 cpe:/a:openbsd:openssh:6.0
Openbsd Openssh 5.4 cpe:/a:openbsd:openssh:5.4
Openbsd Openssh 6.3 cpe:/a:openbsd:openssh:6.3
Oracle Solaris 11.3 cpe:/o:oracle:solaris:11.3
Openbsd Openssh 6.2 cpe:/a:openbsd:openssh:6.2
Openbsd Openssh 7.1 cpe:/a:openbsd:openssh:7.1
Apple Mac Os X 10.9.1 cpe:/o:apple:mac_os_x:10.9.1
Apple Mac Os X 10.9.2 cpe:/o:apple:mac_os_x:10.9.2
Apple Mac Os X 10.9.3 cpe:/o:apple:mac_os_x:10.9.3
Apple Mac Os X 10.9.4 cpe:/o:apple:mac_os_x:10.9.4

CWE

ID Name Description
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

Source Link
BUGTRAQ http://www.securityfocus.com/archive/1/537295/100/0/threaded
APPLE http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
CONFIRM http://www.openssh.com/txt/release-7.1p2
MLIST http://www.openwall.com/lists/oss-security/2016/01/14/7
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
CONFIRM http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
CONFIRM https://support.apple.com/HT206167
CONFIRM https://bto.bluecoat.com/security-advisory/sa109
CONFIRM https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
FULLDISC http://seclists.org/fulldisclosure/2016/Jan/44
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
DEBIAN http://www.debian.org/security/2016/dsa-3446
SECTRACK http://www.securitytracker.com/id/1034671
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
CONFIRM https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
UBUNTU http://www.ubuntu.com/usn/USN-2869-1
BID http://www.securityfocus.com/bid/80698
GENTOO https://security.gentoo.org/glsa/201601-01
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
MISC http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

History of changes

Date Event
2019-02-20 16:58
2018-10-09 19:58
2016-01-14 22:59

New CVE