CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

EPSS: 0.003 Low (Percentile: 67.3%)
OpenSSH client code versions 5.4 through 7.1p1 contain a client information leak vulnerability that could allow a malicious server to make an OpenSSH client leak information, including private keys, as well as a buffer overflow in certain non-default configurations.
CWE-200: Information Exposure - CVE-2016-0777
According to the OpenSSH release notes for version 7.1p2:
The OpenSSH client code between 5.4 and 7.1 contains experimental support for resuming SSH-connections (roaming).
The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys.
The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers.
CWE-122: Heap-based Buffer Overflow - CVE-2016-0778
According to Qualys, the API functions packet_write_wait() and ssh_packet_write_wait() may overflow in some scenarios after a successful reconnection.
Qualys also notes that:
A user that authenticates to a malicious or compromised server may reveal private data, including the user’s private SSH key, or cause a buffer overflow that may lead to remote code execution in certain non-default configurations.
Apply an update
OpenSSH 7.1p2 has been released to address these issues. Affected users are recommended to update as soon as possible.
If updating is not currently an option, consider the following workaround:
Disable the ‘UseRoaming’ Feature
The vulnerable code in the client can be completely disabled by adding 'UseRoaming no' to the global ssh_config(5) file, or to the user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on the command line.
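A small audit helper for the two checks a defender needs after reading the above: whether an installed client falls in the affected 5.4 through 7.1p1 range, and whether an ssh_config actually disables roaming for every host. This is an added example, not code from the note, OpenSSH or Qualys; it assumes the version string is in the format printed by `ssh -V` (for example `OpenSSH_7.1p1, OpenSSL 1.0.2e 3 Dec 2015`) and that the sample configs below are constructed for illustration.

```python
import re

# Affected client range stated in the note: 5.4 through 7.1p1, fixed in 7.1p2.
AFFECTED_MIN = (5, 4, 0)
FIXED_IN = (7, 1, 2)

def parse_openssh_version(banner):
    """Turn an 'ssh -V' banner such as 'OpenSSH_7.1p1, OpenSSL ...' into (major, minor, portable-patch)."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:\.\d+)?(?:p(\d+))?", banner)
    if not m:
        raise ValueError("not an OpenSSH version banner: %r" % banner)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def client_is_affected(banner):
    """True when the client version lies in [5.4, 7.1p2), i.e. still ships the roaming code."""
    return AFFECTED_MIN <= parse_openssh_version(banner) < FIXED_IN

def roaming_disabled_globally(config_text):
    """True only if 'UseRoaming no' applies to every host.

    ssh_config uses the FIRST value obtained for a keyword, so an earlier
    'UseRoaming yes' in global scope wins over a later 'no'.  Entries under a
    'Host' or 'Match' block apply only to matching hosts, so only the leading
    global section and 'Host *' count as global here.
    """
    in_global = True
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # accept 'Key value' and 'Key=value'
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key in ("host", "match"):
            in_global = (key == "host" and value == "*")
            continue
        if key == "useroaming" and in_global:
            return value == "no"
    return False  # keyword never set globally: the client default (roaming on) applies

# Constructed sample configs, not taken from any real system.
GOOD_CONFIG = "# hardened\nHost *\n    UseRoaming no\n"
WEAK_CONFIG = "Host bastion\n    UseRoaming no\n"          # only protects one host
OVERRIDDEN_CONFIG = "UseRoaming yes\nUseRoaming no\n"       # first value wins

if __name__ == "__main__":
    print("7.1p1 affected:", client_is_affected("OpenSSH_7.1p1, OpenSSL 1.0.2e 3 Dec 2015"))
    for name, cfg in [("good", GOOD_CONFIG), ("weak", WEAK_CONFIG), ("overridden", OVERRIDDEN_CONFIG)]:
        print(name, "disables roaming globally:", roaming_disabled_globally(cfg))
```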
Vulnerability Note VU#456088
Notified: January 14, 2016 Updated: January 14, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 14, 2016 Updated: January 14, 2016
Affected
We have not received a statement from the vendor.
"We released new versions with the workaround:
https://github.com/HardenedBSD/hardenedBSD-stable/commit/831e4682e627882dec7430052af7b74541aa79dc
https://github.com/HardenedBSD/hardenedBSD/commit/efa4e9c808a18c3f6c291981d1a463b10ba8c514
Fixed in these versions:
https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedBSD-10-STABLE-v39.1
https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedBSD-11-CURRENT-v39.2"
Notified: January 14, 2016 Updated: January 15, 2016
Affected
We have not received a statement from the vendor.
OpenBSD has patches available:
Updated: January 14, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 14, 2016 Updated: January 14, 2016
Statement Date: January 14, 2016
Affected
We have not received a statement from the vendor.
Updates are now available for supported releases.
Notified: January 14, 2016 Updated: January 20, 2016
Statement Date: January 19, 2016
Not Affected
“Openwall GNU/*/Linux is not affected. We’re using a fork of an older version of OpenSSH, from prior to the introduction of the roaming feature.”
We are not aware of further vendor information regarding this vulnerability.
Notified: January 14, 2016 Updated: January 14, 2016
Unknown
We have not received a statement from the vendor.
| Group | Score | Vector |
|---|---|---|
| Base | 4.3 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| Temporal | 3.6 | E:F/RL:OF/RC:C |
| Environmental | 2.7 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
This issue was previously coordinated and publicly disclosed by the Qualys Security Advisory Team.
This document was written by Brian Gardiner and Garret Wassermann.
CVE IDs: CVE-2016-0777, CVE-2016-0778
Date Public: 2016-01-14
Date First Published:
undeadly.org/cgi?action=article&sid=20160114142733
www.openssh.com/txt/release-7.1p2
access.redhat.com/articles/2123781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
github.com/openssh/openssh-portable/blob/8408218c1ca88cb17d15278174a24a94a6f65fe1/roaming_client.c#L70
isc.sans.edu/forums/diary/OpenSSH+71p2+released+with+security+fix+for+CVE20160777/20613/
www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt