CVE-2016-0778
OpenSSH: Client buffer-overflow when using roaming connections
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Las funciones (1) roaming_read y (2) roaming_write en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2, cuando ciertas opciones proxy y forward se encuentran habilitadas, no mantiene adecuadamente los descriptores de archivo de conexión, lo que permite a servidores remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado mediante la petición de varios reenvíos.
A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-16 CVE Reserved
- 2016-01-14 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-09-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (33)
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/01/14/7 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
http://www.openssh.com/txt/release-7.1p2 | 2022-12-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 7 Search vendor "Oracle" for product "Linux" and version "7" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | 11.3 Search vendor "Oracle" for product "Solaris" and version "11.3" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.4 Search vendor "Openbsd" for product "Openssh" and version "5.4" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.4 Search vendor "Openbsd" for product "Openssh" and version "5.4" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.5 Search vendor "Openbsd" for product "Openssh" and version "5.5" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.5 Search vendor "Openbsd" for product "Openssh" and version "5.5" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.6 Search vendor "Openbsd" for product "Openssh" and version "5.6" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.6 Search vendor "Openbsd" for product "Openssh" and version "5.6" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.7 Search vendor "Openbsd" for product "Openssh" and version "5.7" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.7 Search vendor "Openbsd" for product "Openssh" and version "5.7" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.8 Search vendor "Openbsd" for product "Openssh" and version "5.8" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.8 Search vendor "Openbsd" for product "Openssh" and version "5.8" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.9 Search vendor "Openbsd" for product "Openssh" and version "5.9" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 5.9 Search vendor "Openbsd" for product "Openssh" and version "5.9" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.0 Search vendor "Openbsd" for product "Openssh" and version "6.0" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.0 Search vendor "Openbsd" for product "Openssh" and version "6.0" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.1 Search vendor "Openbsd" for product "Openssh" and version "6.1" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.1 Search vendor "Openbsd" for product "Openssh" and version "6.1" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.2 Search vendor "Openbsd" for product "Openssh" and version "6.2" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.2 Search vendor "Openbsd" for product "Openssh" and version "6.2" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.2 Search vendor "Openbsd" for product "Openssh" and version "6.2" | p2 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.3 Search vendor "Openbsd" for product "Openssh" and version "6.3" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.3 Search vendor "Openbsd" for product "Openssh" and version "6.3" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.4 Search vendor "Openbsd" for product "Openssh" and version "6.4" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.4 Search vendor "Openbsd" for product "Openssh" and version "6.4" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.5 Search vendor "Openbsd" for product "Openssh" and version "6.5" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.5 Search vendor "Openbsd" for product "Openssh" and version "6.5" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.6 Search vendor "Openbsd" for product "Openssh" and version "6.6" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.6 Search vendor "Openbsd" for product "Openssh" and version "6.6" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.7 Search vendor "Openbsd" for product "Openssh" and version "6.7" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.7 Search vendor "Openbsd" for product "Openssh" and version "6.7" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.8 Search vendor "Openbsd" for product "Openssh" and version "6.8" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.8 Search vendor "Openbsd" for product "Openssh" and version "6.8" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.9 Search vendor "Openbsd" for product "Openssh" and version "6.9" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 6.9 Search vendor "Openbsd" for product "Openssh" and version "6.9" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 7.0 Search vendor "Openbsd" for product "Openssh" and version "7.0" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 7.0 Search vendor "Openbsd" for product "Openssh" and version "7.0" | p1 |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 7.1 Search vendor "Openbsd" for product "Openssh" and version "7.1" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 7.1 Search vendor "Openbsd" for product "Openssh" and version "7.1" | p1 |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | >= 10.9.0 <= 10.9.5 Search vendor "Apple" for product "Mac Os X" and version " >= 10.9.0 <= 10.9.5" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | >= 10.10.0 <= 10.10.5 Search vendor "Apple" for product "Mac Os X" and version " >= 10.10.0 <= 10.10.5" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | >= 10.11.0 <= 10.11.3 Search vendor "Apple" for product "Mac Os X" and version " >= 10.11.0 <= 10.11.3" | - |
Affected
| ||||||
Hp Search vendor "Hp" | Virtual Customer Access System Search vendor "Hp" for product "Virtual Customer Access System" | <= 15.07 Search vendor "Hp" for product "Virtual Customer Access System" and version " <= 15.07" | - |
Affected
| ||||||
Sophos Search vendor "Sophos" | Unified Threat Management Software Search vendor "Sophos" for product "Unified Threat Management Software" | 9.353 Search vendor "Sophos" for product "Unified Threat Management Software" and version "9.353" | - |
Affected
|