6.5

CVE-2016-0777

EPSS 67.2%
Published 14.01.2016 22:59:01
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Affected products Warnungen 0 Metrics 3 CWE 1 References 37

Data is provided by the National Vulnerability Database (NVD)

Sophos ≫ Unified Threat Management Software Version9.318

   Sophos ≫ Unified Threat Management Version110
   Sophos ≫ Unified Threat Management Version120
   Sophos ≫ Unified Threat Management Version220
   Sophos ≫ Unified Threat Management Version320
   Sophos ≫ Unified Threat Management Version425
   Sophos ≫ Unified Threat Management Version525
   Sophos ≫ Unified Threat Management Version625

Sophos ≫ Unified Threat Management Software Version9.353

   Sophos ≫ Unified Threat Management Version110
   Sophos ≫ Unified Threat Management Version120
   Sophos ≫ Unified Threat Management Version220
   Sophos ≫ Unified Threat Management Version320
   Sophos ≫ Unified Threat Management Version425
   Sophos ≫ Unified Threat Management Version525
   Sophos ≫ Unified Threat Management Version625

Oracle ≫ Linux Version7

Oracle ≫ Solaris Version11.3

Openbsd ≫ Openssh Version5.0

Openbsd ≫ Openssh Version5.0 Updatep1

Openbsd ≫ Openssh Version5.1

Openbsd ≫ Openssh Version5.1 Updatep1

Openbsd ≫ Openssh Version5.2

Openbsd ≫ Openssh Version5.2 Updatep1

Openbsd ≫ Openssh Version5.3

Openbsd ≫ Openssh Version5.3 Updatep1

Openbsd ≫ Openssh Version5.4

Openbsd ≫ Openssh Version5.4 Updatep1

Openbsd ≫ Openssh Version5.5

Openbsd ≫ Openssh Version5.5 Updatep1

Openbsd ≫ Openssh Version5.6

Openbsd ≫ Openssh Version5.6 Updatep1

Openbsd ≫ Openssh Version5.7

Openbsd ≫ Openssh Version5.7 Updatep1

Openbsd ≫ Openssh Version5.8

Openbsd ≫ Openssh Version5.8 Updatep1

Openbsd ≫ Openssh Version5.9

Openbsd ≫ Openssh Version5.9 Updatep1

Openbsd ≫ Openssh Version6.0

Openbsd ≫ Openssh Version6.0 Updatep1

Openbsd ≫ Openssh Version6.1

Openbsd ≫ Openssh Version6.1 Updatep1

Openbsd ≫ Openssh Version6.2

Openbsd ≫ Openssh Version6.2 Updatep1

Openbsd ≫ Openssh Version6.2 Updatep2

Openbsd ≫ Openssh Version6.3

Openbsd ≫ Openssh Version6.3 Updatep1

Openbsd ≫ Openssh Version6.4

Openbsd ≫ Openssh Version6.4 Updatep1

Openbsd ≫ Openssh Version6.5

Openbsd ≫ Openssh Version6.5 Updatep1

Openbsd ≫ Openssh Version6.6

Openbsd ≫ Openssh Version6.6 Updatep1

Openbsd ≫ Openssh Version6.7

Openbsd ≫ Openssh Version6.7 Updatep1

Openbsd ≫ Openssh Version6.8

Openbsd ≫ Openssh Version6.8 Updatep1

Openbsd ≫ Openssh Version6.9

Openbsd ≫ Openssh Version6.9 Updatep1

Openbsd ≫ Openssh Version7.0

Openbsd ≫ Openssh Version7.0 Updatep1

Openbsd ≫ Openssh Version7.1

Openbsd ≫ Openssh Version7.1 Updatep1

Hp ≫ Remote Device Access Virtual Customer Access System Version <= 15.07

Apple ≫ macOS X Version <= 10.11.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	67.2%	0.985

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Third Party Advisory

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Third Party Advisory

Mailing List

https://support.apple.com/HT206167

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

Third Party Advisory

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

Third Party Advisory

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

Third Party Advisory

Mailing List

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html

Third Party Advisory

Mailing List

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html

Third Party Advisory

Mailing List

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html

Third Party Advisory

Mailing List

http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

Third Party Advisory

VDB Entry

http://seclists.org/fulldisclosure/2016/Jan/44

Third Party Advisory

Mailing List

http://www.debian.org/security/2016/dsa-3446

Third Party Advisory

http://www.openssh.com/txt/release-7.1p2

Vendor Advisory

http://www.openwall.com/lists/oss-security/2016/01/14/7

Third Party Advisory

Mailing List

http://www.securityfocus.com/archive/1/537295/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/80695

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1034671

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-2869-1

Third Party Advisory

https://bto.bluecoat.com/security-advisory/sa109

Third Party Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc

Third Party Advisory

https://security.gentoo.org/glsa/201601-01

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-0777

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0777

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0777

EUVD