6.5

CVE-2016-0777

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SophosUnified Threat Management Software Version9.318
   SophosUnified Threat Management Version110
   SophosUnified Threat Management Version120
   SophosUnified Threat Management Version220
   SophosUnified Threat Management Version320
   SophosUnified Threat Management Version425
   SophosUnified Threat Management Version525
   SophosUnified Threat Management Version625
SophosUnified Threat Management Software Version9.353
   SophosUnified Threat Management Version110
   SophosUnified Threat Management Version120
   SophosUnified Threat Management Version220
   SophosUnified Threat Management Version320
   SophosUnified Threat Management Version425
   SophosUnified Threat Management Version525
   SophosUnified Threat Management Version625
OracleLinux Version7
OracleSolaris Version11.3
OpenbsdOpenssh Version5.0
OpenbsdOpenssh Version5.0 Updatep1
OpenbsdOpenssh Version5.1
OpenbsdOpenssh Version5.1 Updatep1
OpenbsdOpenssh Version5.2
OpenbsdOpenssh Version5.2 Updatep1
OpenbsdOpenssh Version5.3
OpenbsdOpenssh Version5.3 Updatep1
OpenbsdOpenssh Version5.4
OpenbsdOpenssh Version5.4 Updatep1
OpenbsdOpenssh Version5.5
OpenbsdOpenssh Version5.5 Updatep1
OpenbsdOpenssh Version5.6
OpenbsdOpenssh Version5.6 Updatep1
OpenbsdOpenssh Version5.7
OpenbsdOpenssh Version5.7 Updatep1
OpenbsdOpenssh Version5.8
OpenbsdOpenssh Version5.8 Updatep1
OpenbsdOpenssh Version5.9
OpenbsdOpenssh Version5.9 Updatep1
OpenbsdOpenssh Version6.0
OpenbsdOpenssh Version6.0 Updatep1
OpenbsdOpenssh Version6.1
OpenbsdOpenssh Version6.1 Updatep1
OpenbsdOpenssh Version6.2
OpenbsdOpenssh Version6.2 Updatep1
OpenbsdOpenssh Version6.2 Updatep2
OpenbsdOpenssh Version6.3
OpenbsdOpenssh Version6.3 Updatep1
OpenbsdOpenssh Version6.4
OpenbsdOpenssh Version6.4 Updatep1
OpenbsdOpenssh Version6.5
OpenbsdOpenssh Version6.5 Updatep1
OpenbsdOpenssh Version6.6
OpenbsdOpenssh Version6.6 Updatep1
OpenbsdOpenssh Version6.7
OpenbsdOpenssh Version6.7 Updatep1
OpenbsdOpenssh Version6.8
OpenbsdOpenssh Version6.8 Updatep1
OpenbsdOpenssh Version6.9
OpenbsdOpenssh Version6.9 Updatep1
OpenbsdOpenssh Version7.0
OpenbsdOpenssh Version7.0 Updatep1
OpenbsdOpenssh Version7.1
OpenbsdOpenssh Version7.1 Updatep1
ApplemacOS X Version <= 10.11.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 63.47% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Third Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Third Party Advisory
Mailing List
https://support.apple.com/HT206167
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
Third Party Advisory
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
Third Party Advisory
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
Third Party Advisory
Mailing List
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Jan/44
Third Party Advisory
Mailing List
http://www.debian.org/security/2016/dsa-3446
Third Party Advisory
http://www.openssh.com/txt/release-7.1p2
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/01/14/7
Third Party Advisory
Mailing List
http://www.securityfocus.com/archive/1/537295/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/80695
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034671
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2869-1
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa109
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
Third Party Advisory
https://security.gentoo.org/glsa/201601-01
Third Party Advisory