OpenSSH < 7.1p2 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9055
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote SSH client may be affected by multiple vulnerabilities.


Versions of OpenSSH prior to 7.1p2 are affected by multiple vulnerabilities:

- Using a specially crafted SSH server, a context-dependent attacker can disclose sensitive memory contents when the client authenticates to the server, such as the client's private SSH keys. (CVE-2016-0777)
- An unspecified overflow condition exists that is triggered as user-supplied input is not properly validated. With a specially crafted SSH server, a context-dependent attacker can cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-0778)

Note: NNM has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.
- A vulnerability exists that allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. (CVE-2016-1907)


Upgrade to OpenSSH version 7.1p2 or later.

See Also

Plugin Details

Severity: Medium

ID: 9055

Family: SSH

Published: 1/15/2016

Updated: 3/6/2019

Dependencies: 1968

Risk Information


Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Patch Publication Date: 1/14/2016

Vulnerability Publication Date: 1/14/2016

Reference Information

CVE: CVE-2016-0777, CVE-2016-0778, CVE-2016-1907

BID: 80695, 80698