CVE-2016-0777

MEDIUM

Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html

http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

http://seclists.org/fulldisclosure/2016/Jan/44

http://www.debian.org/security/2016/dsa-3446

http://www.openssh.com/txt/release-7.1p2

http://www.openwall.com/lists/oss-security/2016/01/14/7

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securityfocus.com/archive/1/537295/100/0/threaded

http://www.securityfocus.com/bid/80695

http://www.securitytracker.com/id/1034671

http://www.ubuntu.com/usn/USN-2869-1

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

https://bto.bluecoat.com/security-advisory/sa109

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc

https://security.gentoo.org/glsa/201601-01

https://support.apple.com/HT206167

Details

Source: MITRE

Published: 2016-01-14

Updated: 2019-02-20

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM