SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (VPN)  >   OpenSSH Vendors:   OpenSSH.org
OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
SecurityTracker Alert ID:  1034671
SecurityTracker URL:  http://securitytracker.com/id/1034671
CVE Reference:   CVE-2016-0777, CVE-2016-0778, CVE-2016-1907   (Links to External Site)
Updated:  Feb 17 2016
Original Entry Date:  Jan 14 2016
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.4 - 7.1
Description:   Several vulnerabilities were reported in OpenSSH. A remote authenticated server can obtain potentially sensitive information from OpenSSH client memory on the target system or potentially execute arbitrary code on the target client system.

An OpenSSH server on an authenticated connection can cause the connected client to leak portions of client memory to the server [CVE-2016-0777]. This may include private client user keys.

The Qualys Security team reported this vulnerability.

An OpenSSH server on an authenticated connection may be able to trigger a buffer overflow and file descriptor leak in the connected client in certain cases when using ProxyCommand, ForwardAgent, or ForwardX11 [CVE-2016-0778].

The Qualys Security team reported this vulnerability.

A user may be able to trigger an out-of-bounds read access error in the packet handling code [CVE-2016-1907]. Ben Hawkes reported this vulnerability.

Impact:   A remote authenticated server can obtain potentially sensitive information from the target connected client.
Solution:   The vendor has issued a fix (7.1p2).

Also, a workaround is described in the vendor's advisory.

The vendor's advisory is available at:

http://www.openssh.com/txt/release-7.1p2

Vendor URL:  www.openssh.com/txt/release-7.1p2 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 14 2016 (Ubuntu Issues Fix for OpenSSH) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
Ubuntu has issued a fix for OpenSSH for Ubuntu Linux 12.04 LTS, 14.04 LTS, 15.04, and 15.10.
Jan 14 2016 (Red Hat Issues Fix) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Jan 15 2016 (CentOS Issues Fix) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
CentOS has issued a fix for CentOS 7.
Jan 15 2016 (Oracle Issues Fix for Oracle Linux) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
Oracle has issued a fix for Oracle Linux 7.
Jan 15 2016 (FreeBSD Issues Fix) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
FreeBSD has issued a fix for FreeBSD 9.3, 10.1, and 10.2.
Jan 20 2016 (OpenBSD Issues Fix) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
OpenBSD has issued a fix for OpenBSD 5.7 and 5.8.
Feb 2 2016 (IBM Issues Fix for IBM AIX) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Mar 21 2016 (Apple Issues Fix for Apple OS X) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
Apple has issued a fix for Apple OS X 10.9.5, 10.10.5, and 10.11 to 10.11.3.
May 9 2016 (Ubuntu Issues Fix) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.10.
May 20 2016 (Juniper Issues Fix for Juniper Junos) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
Juniper has issued a fix for Juniper Junos.
Jul 16 2016 (Palo Alto Networks Issues Fix for Palo Alto PAN-OS) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
Palo Alto Networks has issued a fix for Palo Alto PAN-OS.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC