CVE-2016-10009

EPSS 1.58%
Published 05.01.2017 02:59:03
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

Affected products Warnungen 0 Metrics 3 CWE 1 References 23

Data is provided by the National Vulnerability Database (NVD)

Openbsd ≫ Openssh Version <= 7.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.58%	0.809

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.3	3.9	3.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html

http://seclists.org/fulldisclosure/2023/Jul/31

http://www.openwall.com/lists/oss-security/2023/07/19/9

http://www.openwall.com/lists/oss-security/2023/07/20/1

https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html

https://access.redhat.com/errata/RHSA-2017:2029

http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html

http://www.openwall.com/lists/oss-security/2016/12/19/2

Mailing List

Release Notes

http://www.securityfocus.com/bid/94968