CVE-2016-0778
Summary
| CVE | CVE-2016-0778 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-01-14 22:59:00 UTC |
| Updated | 2022-12-13 12:15:00 UTC |
| Description | The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Hp | Virtual Customer Access System | All | All | All | All |
| Application | Openbsd | Openssh | 5.4 | All | All | All |
| Application | Openbsd | Openssh | 5.4 | p1 | All | All |
| Application | Openbsd | Openssh | 5.5 | All | All | All |
| Application | Openbsd | Openssh | 5.5 | p1 | All | All |
| Application | Openbsd | Openssh | 5.6 | All | All | All |
| Application | Openbsd | Openssh | 5.6 | p1 | All | All |
| Application | Openbsd | Openssh | 5.7 | All | All | All |
| Application | Openbsd | Openssh | 5.7 | p1 | All | All |
| Application | Openbsd | Openssh | 5.8 | All | All | All |
| Application | Openbsd | Openssh | 5.8 | p1 | All | All |
| Application | Openbsd | Openssh | 5.9 | All | All | All |
| Application | Openbsd | Openssh | 5.9 | p1 | All | All |
| Application | Openbsd | Openssh | 6.0 | All | All | All |
| Application | Openbsd | Openssh | 6.0 | p1 | All | All |
| Application | Openbsd | Openssh | 6.1 | All | All | All |
| Application | Openbsd | Openssh | 6.1 | p1 | All | All |
| Application | Openbsd | Openssh | 6.2 | All | All | All |
| Application | Openbsd | Openssh | 6.2 | p1 | All | All |
| Application | Openbsd | Openssh | 6.2 | p2 | All | All |
| Application | Openbsd | Openssh | 6.3 | All | All | All |
| Application | Openbsd | Openssh | 6.3 | p1 | All | All |
| Application | Openbsd | Openssh | 6.4 | All | All | All |
| Application | Openbsd | Openssh | 6.4 | p1 | All | All |
| Application | Openbsd | Openssh | 6.5 | All | All | All |
| Application | Openbsd | Openssh | 6.5 | p1 | All | All |
| Application | Openbsd | Openssh | 6.6 | All | All | All |
| Application | Openbsd | Openssh | 6.6 | p1 | All | All |
| Application | Openbsd | Openssh | 6.7 | All | All | All |
| Application | Openbsd | Openssh | 6.7 | p1 | All | All |
| Application | Openbsd | Openssh | 6.8 | All | All | All |
| Application | Openbsd | Openssh | 6.8 | p1 | All | All |
| Application | Openbsd | Openssh | 6.9 | All | All | All |
| Application | Openbsd | Openssh | 6.9 | p1 | All | All |
| Application | Openbsd | Openssh | 7.0 | All | All | All |
| Application | Openbsd | Openssh | 7.0 | p1 | All | All |
| Application | Openbsd | Openssh | 7.1 | All | All | All |
| Application | Openbsd | Openssh | 7.1 | p1 | All | All |
| Application | Openbsd | Openssh | 5.4 | All | All | All |
| Application | Openbsd | Openssh | 5.4 | p1 | All | All |
| Application | Openbsd | Openssh | 5.5 | All | All | All |
| Application | Openbsd | Openssh | 5.5 | p1 | All | All |
| Application | Openbsd | Openssh | 5.6 | All | All | All |
| Application | Openbsd | Openssh | 5.6 | p1 | All | All |
| Application | Openbsd | Openssh | 5.7 | All | All | All |
| Application | Openbsd | Openssh | 5.7 | p1 | All | All |
| Application | Openbsd | Openssh | 5.8 | All | All | All |
| Application | Openbsd | Openssh | 5.8 | p1 | All | All |
| Application | Openbsd | Openssh | 5.9 | All | All | All |
| Application | Openbsd | Openssh | 5.9 | p1 | All | All |
| Application | Openbsd | Openssh | 6.0 | All | All | All |
| Application | Openbsd | Openssh | 6.0 | p1 | All | All |
| Application | Openbsd | Openssh | 6.1 | All | All | All |
| Application | Openbsd | Openssh | 6.1 | p1 | All | All |
| Application | Openbsd | Openssh | 6.2 | All | All | All |
| Application | Openbsd | Openssh | 6.2 | p1 | All | All |
| Application | Openbsd | Openssh | 6.2 | p2 | All | All |
| Application | Openbsd | Openssh | 6.3 | All | All | All |
| Application | Openbsd | Openssh | 6.3 | p1 | All | All |
| Application | Openbsd | Openssh | 6.4 | All | All | All |
| Application | Openbsd | Openssh | 6.4 | p1 | All | All |
| Application | Openbsd | Openssh | 6.5 | All | All | All |
| Application | Openbsd | Openssh | 6.5 | p1 | All | All |
| Application | Openbsd | Openssh | 6.6 | All | All | All |
| Application | Openbsd | Openssh | 6.6 | p1 | All | All |
| Application | Openbsd | Openssh | 6.7 | All | All | All |
| Application | Openbsd | Openssh | 6.7 | p1 | All | All |
| Application | Openbsd | Openssh | 6.8 | All | All | All |
| Application | Openbsd | Openssh | 6.8 | p1 | All | All |
| Application | Openbsd | Openssh | 6.9 | All | All | All |
| Application | Openbsd | Openssh | 6.9 | p1 | All | All |
| Application | Openbsd | Openssh | 7.0 | All | All | All |
| Application | Openbsd | Openssh | 7.0 | p1 | All | All |
| Application | Openbsd | Openssh | 7.1 | All | All | All |
| Application | Openbsd | Openssh | 7.1 | p1 | All | All |
| Operating System | Oracle | Linux | 7 | All | All | All |
| Operating System | Oracle | Linux | 7 | All | All | All |
| Operating System | Oracle | Solaris | 11.3 | All | All | All |
| Operating System | Oracle | Solaris | 11.3 | All | All | All |
| Application | Sophos | Unified Threat Management Software | 9.353 | All | All | All |
| Application | Sophos | Unified Threat Management Software | 9.353 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| UTM Up2Date 9.354 released | Sophos Blog | CONFIRM | blogs.sophos.com | Release Notes, Vendor Advisory |
| APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 | APPLE | lists.apple.com | Mailing List, Release Notes, Third Party Advisory |
| Document Display | HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| oss-security - Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 | MLIST | www.openwall.com | Exploit, Mailing List, Technical Description, Third Party Advisory |
| 2016-04 Security Bulletin: Junos: OpenSSH Client Information Leak and Buffer Overflow in roaming support (CVE-2016-0777, CVE-2016-0778) - Juniper Networks | CONFIRM | kb.juniper.net | Third Party Advisory |
| [security-announce] SUSE-SU-2016:0118-1: critical: Security update for o | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Broadcom Support Portal | CONFIRM | bto.bluecoat.com | Third Party Advisory |
| UTM Up2Date 9.319 released | Sophos Blog | CONFIRM | blogs.sophos.com | Release Notes, Vendor Advisory |
| [security-announce] SUSE-SU-2016:0120-1: critical: Security update for o | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2016:0128-1: critical: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Document Display | HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:0127-1: critical: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Oracle Solaris Third Party Bulletin - October 2015 | CONFIRM | www.oracle.com | Third Party Advisory |
| USN-2869-1: OpenSSH vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| www.openssh.com/txt/release-7.1p2 | CONFIRM | www.openssh.com | Patch, Release Notes, Vendor Advisory |
| OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Full Disclosure: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Document Display | HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| [SECURITY] Fedora 22 Update: gsi-openssh-6.9p1-7.fc22 | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | CONFIRM | cert-portal.siemens.com | |
| Oracle Linux Bulletin - January 2016 | CONFIRM | www.oracle.com | Third Party Advisory |
| Document Display | HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| Debian -- Security Information -- DSA-3446-1 openssh | DEBIAN | www.debian.org | Third Party Advisory |
| Qualys Security Advisory - OpenSSH Overflow / Leak ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| [security-announce] SUSE-SU-2016:0119-1: critical: Security update for o | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 23 Update: gsi-openssh-7.1p2-1.fc23 | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| [security-announce] SUSE-SU-2016:0117-1: critical: Security update for o | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support | CONFIRM | support.apple.com | Vendor Advisory |
| OpenSSH: Multiple vulnerabilities (GLSA 201601-01) — Gentoo Security | GENTOO | security.gentoo.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.