CVE-2016-0778

Published on: 01/14/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Mac OS X from Apple contain the following vulnerability:

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

  • CVE-2016-0778 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.1 - HIGH

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

CVSS2 Score: 4.6 - MEDIUM

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | HIGH |
| Authentication | SINGLE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

CVE References

  • Description: UTM Up2Date 9.354 released | Sophos Blog
    Tags: Release Notes, Vendor Advisory
    Host: blogs.sophos.com
    Link: CONFIRM blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
  • Description: APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
    Tags: Mailing List, Release Notes, Third Party Advisory
    Host: lists.apple.com
    Link: APPLE APPLE-SA-2016-03-21-5
  • Description: Document Display | HPE Support Center
    Tags: Third Party Advisory
    Host: h20566.www2.hpe.com
    Link: CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
  • Description: oss-security - Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
    Tags: Exploit, Mailing List, Technical Description, Third Party Advisory
    Host: www.openwall.com
    Link: MLIST [oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
  • Description: 2016-04 Security Bulletin: Junos: OpenSSH Client Information Leak and Buffer Overflow in roaming support (CVE-2016-0777, CVE-2016-0778) - Juniper Networks
    Tags: Third Party Advisory
    Host: kb.juniper.net
    Link: CONFIRM kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
  • Description: [security-announce] SUSE-SU-2016:0118-1: critical: Security update for o
    Tags: Mailing List, Third Party Advisory
    Host: lists.opensuse.org
    Link: SUSE SUSE-SU-2016:0118
  • Description: Broadcom Support Portal
    Tags: Third Party Advisory
    Host: bto.bluecoat.com
    Link: CONFIRM bto.bluecoat.com/security-advisory/sa109
  • Description: UTM Up2Date 9.319 released | Sophos Blog
    Tags: Release Notes, Vendor Advisory
    Host: blogs.sophos.com
    Link: CONFIRM blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
  • Description: [security-announce] SUSE-SU-2016:0120-1: critical: Security update for o
    Tags: Mailing List, Third Party Advisory
    Host: lists.opensuse.org
    Link: SUSE SUSE-SU-2016:0120
  • Description: [security-announce] openSUSE-SU-2016:0128-1: critical: Security update f
    Tags: Mailing List, Third Party Advisory
    Host: lists.opensuse.org
    Link: SUSE openSUSE-SU-2016:0128
  • Description: Document Display | HPE Support Center
    Tags: Third Party Advisory
    Host: h20566.www2.hpe.com
    Link: CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
  • Description: [security-announce] openSUSE-SU-2016:0127-1: critical: Security update f
    Tags: Mailing List, Third Party Advisory
    Host: lists.opensuse.org
    Link: SUSE openSUSE-SU-2016:0127
  • Description: Oracle Solaris Third Party Bulletin - October 2015
    Tags: Third Party Advisory
    Host: www.oracle.com
    Link: CONFIRM www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
  • Description: USN-2869-1: OpenSSH vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Host: www.ubuntu.com
    Link: UBUNTU USN-2869-1
  • Tags: Patch, Release Notes, Vendor Advisory
    Host: www.openssh.com
    Link: CONFIRM www.openssh.com/txt/release-7.1p2
  • Description: OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory - SecurityTracker
    Tags: Third Party Advisory, VDB Entry
    Host: www.securitytracker.com
    Link: SECTRACK 1034671
  • Description: SecurityFocus
    Tags: Third Party Advisory, VDB Entry
    Host: web.archive.org
    Note: Inactive link, not archived
    Link: BUGTRAQ 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
  • Description: Full Disclosure: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
    Tags: Mailing List, Third Party Advisory
    Host: seclists.org
    Link: FULLDISC 20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
  • Description: Document Display | HPE Support Center
    Tags: Third Party Advisory
    Host: h20566.www2.hpe.com
    Link: CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
  • Description: [SECURITY] Fedora 22 Update: gsi-openssh-6.9p1-7.fc22
    Tags: Mailing List, Third Party Advisory
    Host: lists.fedoraproject.org
    Link: FEDORA FEDORA-2016-2e89eba0c1
  • Description: Oracle Linux Bulletin - January 2016
    Tags: Third Party Advisory
    Host: www.oracle.com
    Link: CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
  • Description: Document Display | HPE Support Center
    Tags: Third Party Advisory
    Host: h20566.www2.hpe.com
    Link: CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
  • Description: Debian -- Security Information -- DSA-3446-1 openssh
    Tags: Third Party Advisory
    Host: www.debian.org
    Note: Deprecated link
    Link: DEBIAN DSA-3446
  • Description: Qualys Security Advisory - OpenSSH Overflow / Leak ≈ Packet Storm
    Tags: Third Party Advisory, VDB Entry
    Host: packetstormsecurity.com
    Link: MISC packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
  • Description: [security-announce] SUSE-SU-2016:0119-1: critical: Security update for o
    Tags: Mailing List, Third Party Advisory
    Host: lists.opensuse.org
    Link: SUSE SUSE-SU-2016:0119
  • Description: [SECURITY] Fedora 23 Update: gsi-openssh-7.1p2-1.fc23
    Tags: Mailing List, Third Party Advisory
    Host: lists.fedoraproject.org
    Link: FEDORA FEDORA-2016-4556904561
  • Description: [security-announce] SUSE-SU-2016:0117-1: critical: Security update for o
    Tags: Mailing List, Third Party Advisory
    Host: lists.opensuse.org
    Link: SUSE SUSE-SU-2016:0117
  • Description: OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Host: cve.report (archive)
    Link: BID 80698
  • Description: About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support
    Tags: Vendor Advisory
    Host: support.apple.com
    Link: CONFIRM support.apple.com/HT206167
  • Description: OpenSSH: Multiple vulnerabilities (GLSA 201601-01) — Gentoo Security
    Tags: Third Party Advisory
    Host: security.gentoo.org
    Link: GENTOO GLSA-201601-01

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Hp | Virtual Customer Access System | All | All | All | All |
| Application | Openbsd | Openssh | 5.4 | All | All | All |
| Application | Openbsd | Openssh | 5.4 | p1 | All | All |
| Application | Openbsd | Openssh | 5.5 | All | All | All |
| Application | Openbsd | Openssh | 5.5 | p1 | All | All |
| Application | Openbsd | Openssh | 5.6 | All | All | All |
| Application | Openbsd | Openssh | 5.6 | p1 | All | All |
| Application | Openbsd | Openssh | 5.7 | All | All | All |
| Application | Openbsd | Openssh | 5.7 | p1 | All | All |
| Application | Openbsd | Openssh | 5.8 | All | All | All |
| Application | Openbsd | Openssh | 5.8 | p1 | All | All |
| Application | Openbsd | Openssh | 5.9 | All | All | All |
| Application | Openbsd | Openssh | 5.9 | p1 | All | All |
| Application | Openbsd | Openssh | 6.0 | All | All | All |
| Application | Openbsd | Openssh | 6.0 | p1 | All | All |
| Application | Openbsd | Openssh | 6.1 | All | All | All |
| Application | Openbsd | Openssh | 6.1 | p1 | All | All |
| Application | Openbsd | Openssh | 6.2 | All | All | All |
| Application | Openbsd | Openssh | 6.2 | p1 | All | All |
| Application | Openbsd | Openssh | 6.2 | p2 | All | All |
| Application | Openbsd | Openssh | 6.3 | All | All | All |
| Application | Openbsd | Openssh | 6.3 | p1 | All | All |
| Application | Openbsd | Openssh | 6.4 | All | All | All |
| Application | Openbsd | Openssh | 6.4 | p1 | All | All |
| Application | Openbsd | Openssh | 6.5 | All | All | All |
| Application | Openbsd | Openssh | 6.5 | p1 | All | All |
| Application | Openbsd | Openssh | 6.6 | All | All | All |
| Application | Openbsd | Openssh | 6.6 | p1 | All | All |
| Application | Openbsd | Openssh | 6.7 | All | All | All |
| Application | Openbsd | Openssh | 6.7 | p1 | All | All |
| Application | Openbsd | Openssh | 6.8 | All | All | All |
| Application | Openbsd | Openssh | 6.8 | p1 | All | All |
| Application | Openbsd | Openssh | 6.9 | All | All | All |
| Application | Openbsd | Openssh | 6.9 | p1 | All | All |
| Application | Openbsd | Openssh | 7.0 | All | All | All |
| Application | Openbsd | Openssh | 7.0 | p1 | All | All |
| Application | Openbsd | Openssh | 7.1 | All | All | All |
| Application | Openbsd | Openssh | 7.1 | p1 | All | All |
| Operating System | Oracle | Linux | 7 | All | All | All |
| Operating System | Oracle | Solaris | 11.3 | All | All | All |
| Application | Sophos | Unified Threat Management Software | 9.353 | All | All | All |

  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*: