CVE-2016-0778
Published Jan 14, 2016
Last updated 2 years ago
Overview
- Description
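- The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. Because the flaw is in the client, exposure arises when a vulnerable client connects to a malicious or compromised server. The stated range makes 7.1p2 the first fixed release; where an upgrade is not immediately possible, the client's roaming support can be disabled with `UseRoaming no` in the client configuration.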
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:N/AC:H/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B" }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23" }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA9D704A-D1E7-4989-9136-1EAD72EF6BE5" }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260" }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78735121-6BA0-4158-B3D5-E4BACCA5E95A" }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D" }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "270BABBA-70A8-4FC7-962D-0D0D40F4497F" }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34" }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A710EC9F-1352-4DF0-B1CF-9C51ACB078CB" }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA4F797B-8E2C-41AC-AA29-D6B50A539B2F" }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F482203-0CF1-403C-A25C-9B0DA24F6282" }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E74684E-71D3-4458-A8BA-5248982273F3" }, { "criteria": 
"cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F3D478C-221F-4A07-8520-CD8856A75DCA" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B018B05B-1311-4E0F-A9D0-620C1BF904A1" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "728372F8-6561-473D-B54D-1DB41DA1CF55" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11BDA49F-C3E7-4D32-8105-E75525BFB2D4" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE153B9F-721D-42ED-A662-C2597B7BF073" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "254243DD-2E3E-48ED-A92C-8F4FD405DA57" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCF734D8-1F01-498C-A917-5B528BFD9CAA" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A8ABE51-1535-44D9-B2A1-CC91021A29D9" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "492F661C-45E4-4B9B-AD26-1873D91DBEA6" }, { "criteria": 
"cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "546EB570-C2AC-473B-BED8-C47167D2593A" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2C8269-9C66-4E41-A56C-ACC709DC2053" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64382F2C-15AC-41FE-A936-CEB44C1AFB9F" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20B099B9-3D7E-47A4-94A5-B89759189D26" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65A8629A-CFAE-4403-BEE7-622912483702" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50836FA3-8116-4D58-B73E-B4830FB3A551" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0607649-62FE-41CB-9444-53CD9C5B67C0" }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3397D8DC-3410-401F-8854-BFCC35AD6686" }, { "criteria": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B0FB8D5-75CB-4691-AB9F-B4FA46973421" }, { "criteria": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42DCED2D-76C5-49D1-A72D-E578CF686F5A" }, { "criteria": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67E1B240-BD86-41D3-BAC1-96005CB31DEE" }, { "criteria": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BFC8587-FB9E-4FE2-B725-81CE3CE590F8" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A5FFEDD-1D4A-42A1-964A-88696925859A", "versionEndIncluding": "10.9.5", "versionStartIncluding": "10.9.0" }, { "criteria": 
"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E4E9ED2-42E1-47F3-AFB4-C92A4E4FB554", "versionEndIncluding": "10.10.5", "versionStartIncluding": "10.10.0" }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2461051C-EB76-4022-8BBC-B3D26635240B", "versionEndIncluding": "10.11.3", "versionStartIncluding": "10.11.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58F4BE0A-DBE6-45F7-9FA6-6A0BE2566631", "versionEndIncluding": "15.07" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9857D3A8-7942-4624-B3D6-9943D34030B8" } ], "operator": "OR" } ] } ]