CVE-2016-0778

high

Description

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

References

Advisories
More

https://security.gentoo.org/glsa/201601-01

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

https://bto.bluecoat.com/security-advisory/sa109

http://www.ubuntu.com/usn/USN-2869-1

http://www.securitytracker.com/id/1034671

http://www.securityfocus.com/bid/80698

http://www.securityfocus.com/archive/1/537295/100/0/threaded

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.debian.org/security/2016/dsa-3446

http://seclists.org/fulldisclosure/2016/Jan/44

http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

https://support.apple.com/HT206167

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

http://www.openssh.com/txt/release-7.1p2

Details

Source: Mitre, NVD

Published: 2016-01-14

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0127