Lucene search

K
cloudlinuxCloudLinuxCLSA-2022:1657561632
HistoryJul 11, 2022 - 5:47 p.m.

Fixed CVEs in openssh-5.3p1: CVE-2016-10708, CVE-2016-10012

2022-07-1117:47:12
repo.cloudlinux.com
691

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.052 Low

EPSS

Percentile

92.8%

  • CVE-2016-10708: fix crash in packet handling code by moving inbound NEWKEYS
    handling to kex layer
  • CVE-2016-10012: abandon the fix due to compression mode issues

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.052 Low

EPSS

Percentile

92.8%

Related for CLSA-2022:1657561632