CVE-2016-0777

⚪ Do wiadomości

Funkcja resend_bytes w OpenSSH umożliwia zdalnym serwerom uzyskanie poufnych informacji z pamięci procesu.

CVSS

6.5

EPSS

71.7%

Exploit

none

Vendor

openbsd

Opis źródłowy (NVD)

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

brak Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	6.5
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	71.7%
Opublikowano (NVD)	2016-01-14 22:59:01 UTC
Ostatnia modyfikacja (NVD)	2026-05-29 21:16:25 UTC

Referencje

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 (secalert@redhat.com) [Third Party Advisory]
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html (secalert@redhat.com) [Third Party Advisory, VDB Entry]
http://seclists.org/fulldisclosure/2016/Jan/44 (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://www.debian.org/security/2016/dsa-3446 (secalert@redhat.com) [Third Party Advisory]
http://www.openssh.com/txt/release-7.1p2 (secalert@redhat.com) [Vendor Advisory]
http://www.openwall.com/lists/oss-security/2016/01/14/7 (secalert@redhat.com) [Mailing List, Third Party Advisory]
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (secalert@redhat.com) [Third Party Advisory]
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (secalert@redhat.com) [Third Party Advisory]
http://www.securityfocus.com/archive/1/537295/100/0/threaded (secalert@redhat.com) [Third Party Advisory, VDB Entry]
http://www.securityfocus.com/bid/80695 (secalert@redhat.com) [Third Party Advisory, VDB Entry]
http://www.securitytracker.com/id/1034671 (secalert@redhat.com) [Third Party Advisory, VDB Entry]
http://www.ubuntu.com/usn/USN-2869-1 (secalert@redhat.com) [Third Party Advisory]
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ (secalert@redhat.com) [Third Party Advisory]
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ (secalert@redhat.com) [Third Party Advisory]
https://bto.bluecoat.com/security-advisory/sa109 (secalert@redhat.com) [Third Party Advisory]
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf (secalert@redhat.com)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375 (secalert@redhat.com) [Third Party Advisory]
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 (secalert@redhat.com) [Third Party Advisory]
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 (secalert@redhat.com) [Third Party Advisory]
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 (secalert@redhat.com) [Third Party Advisory]
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc (secalert@redhat.com) [Third Party Advisory]
https://security.gentoo.org/glsa/201601-01 (secalert@redhat.com) [Third Party Advisory]
https://support.apple.com/HT206167 (secalert@redhat.com) [Third Party Advisory]