CVE-2016-0777
Published Jan 14, 2016
Last updated 2 years ago
Overview
- Description
- The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sophos:unified_threat_management_software:9.318:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EFA93870-577B-4D53-A61D-22E024F96B16"
},
{
"criteria": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9857D3A8-7942-4624-B3D6-9943D34030B8"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:110:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E9D7BF2E-1DEB-474A-8DEE-0A2D1A9B1A77"
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:120:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CE59783E-6A2D-4777-9BA2-8527DA6B32BA"
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:220:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "646FEB9F-2F54-4946-9687-C2EC28144C97"
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:320:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "57654458-F143-4D70-9D52-0A242F3177A1"
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:425:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A6527EC0-536E-4BF0-9949-8FA4A4E64688"
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:525:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "21A9EA52-E9F1-4267-86BC-570ED1ECC7B1"
},
{
"criteria": "cpe:2.3:h:sophos:unified_threat_management:625:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "280976E2-D7A8-43B7-A57C-66920BC91DAB"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B"
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52D13E08-7B08-44AA-9017-3EE3F6301E10"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "727CC471-6473-4C8D-8D1A-D8B3C6AB21CD"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FBC7FF1-01EE-40A1-8735-14360A371803"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CEDBF5F-23BD-4A60-926A-B822D5E3BFB5"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "987527F8-8A42-4729-A329-4D2AC8AFD6E1"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAF922B2-2FE6-4401-A4F1-914C637F5450"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93910448-8D6F-4F7E-9C7F-959754ABA50D"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4ECE74F4-8E7B-42FA-A2DD-2EE0681DA4B6"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA9D704A-D1E7-4989-9136-1EAD72EF6BE5"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78735121-6BA0-4158-B3D5-E4BACCA5E95A"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "270BABBA-70A8-4FC7-962D-0D0D40F4497F"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A710EC9F-1352-4DF0-B1CF-9C51ACB078CB"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA4F797B-8E2C-41AC-AA29-D6B50A539B2F"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F482203-0CF1-403C-A25C-9B0DA24F6282"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E74684E-71D3-4458-A8BA-5248982273F3"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F3D478C-221F-4A07-8520-CD8856A75DCA"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B018B05B-1311-4E0F-A9D0-620C1BF904A1"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "728372F8-6561-473D-B54D-1DB41DA1CF55"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11BDA49F-C3E7-4D32-8105-E75525BFB2D4"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE153B9F-721D-42ED-A662-C2597B7BF073"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "254243DD-2E3E-48ED-A92C-8F4FD405DA57"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCF734D8-1F01-498C-A917-5B528BFD9CAA"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A8ABE51-1535-44D9-B2A1-CC91021A29D9"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "492F661C-45E4-4B9B-AD26-1873D91DBEA6"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "546EB570-C2AC-473B-BED8-C47167D2593A"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA2C8269-9C66-4E41-A56C-ACC709DC2053"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64382F2C-15AC-41FE-A936-CEB44C1AFB9F"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20B099B9-3D7E-47A4-94A5-B89759189D26"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65A8629A-CFAE-4403-BEE7-622912483702"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50836FA3-8116-4D58-B73E-B4830FB3A551"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0607649-62FE-41CB-9444-53CD9C5B67C0"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3397D8DC-3410-401F-8854-BFCC35AD6686"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B0FB8D5-75CB-4691-AB9F-B4FA46973421"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42DCED2D-76C5-49D1-A72D-E578CF686F5A"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67E1B240-BD86-41D3-BAC1-96005CB31DEE"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BFC8587-FB9E-4FE2-B725-81CE3CE590F8"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:remote_device_access_virtual_customer_access_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E172D760-1D72-4712-8A80-E9FB5B076E7F",
"versionEndIncluding": "15.07"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82",
"versionEndIncluding": "10.11.3"
}
],
"operator": "OR"
}
]
}
]