CVE-2016-0777: Infoleak
First published: Thu Jan 14 2016(Updated: )
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sophos Unified Threat Management | =9.318 | |
| Sophos Unified Threat Management | =9.353 | |
| Sophos Unified Threat Management | =110 | |
| Sophos Unified Threat Management | =120 | |
| Sophos Unified Threat Management | =220 | |
| Sophos Unified Threat Management | =320 | |
| Sophos Unified Threat Management | =425 | |
| Sophos Unified Threat Management | =525 | |
| Sophos Unified Threat Management | =625 | |
| Oracle Linux | =7 | |
| Oracle Solaris SPARC | =11.3 | |
| OpenSSH | =5.0 | |
| OpenSSH | =5.0-p1 | |
| OpenSSH | =5.1 | |
| OpenSSH | =5.1-p1 | |
| OpenSSH | =5.2 | |
| OpenSSH | =5.2-p1 | |
| OpenSSH | =5.3 | |
| OpenSSH | =5.3-p1 | |
| OpenSSH | =5.4 | |
| OpenSSH | =5.4-p1 | |
| OpenSSH | =5.5 | |
| OpenSSH | =5.5-p1 | |
| OpenSSH | =5.6 | |
| OpenSSH | =5.6-p1 | |
| OpenSSH | =5.7 | |
| OpenSSH | =5.7-p1 | |
| OpenSSH | =5.8 | |
| OpenSSH | =5.8-p1 | |
| OpenSSH | =5.9 | |
| OpenSSH | =5.9-p1 | |
| OpenSSH | =6.0 | |
| OpenSSH | =6.0-p1 | |
| OpenSSH | =6.1 | |
| OpenSSH | =6.1-p1 | |
| OpenSSH | =6.2 | |
| OpenSSH | =6.2-p1 | |
| OpenSSH | =6.2-p2 | |
| OpenSSH | =6.3 | |
| OpenSSH | =6.3-p1 | |
| OpenSSH | =6.4 | |
| OpenSSH | =6.4-p1 | |
| OpenSSH | =6.5 | |
| OpenSSH | =6.5-p1 | |
| OpenSSH | =6.6 | |
| OpenSSH | =6.6-p1 | |
| OpenSSH | =6.7 | |
| OpenSSH | =6.7-p1 | |
| OpenSSH | =6.8 | |
| OpenSSH | =6.8-p1 | |
| OpenSSH | =6.9 | |
| OpenSSH | =6.9-p1 | |
| OpenSSH | =7.0 | |
| OpenSSH | =7.0-p1 | |
| OpenSSH | =7.1 | |
| OpenSSH | =7.1-p1 | |
| HP Remote Device Access Virtual Customer Access System | <=15.07 | |
| Apple iOS and macOS | <=10.11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
- http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
- http://seclists.org/fulldisclosure/2016/Jan/44
- http://www.debian.org/security/2016/dsa-3446
- http://www.openssh.com/txt/release-7.1p2
- http://www.openwall.com/lists/oss-security/2016/01/14/7
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/archive/1/537295/100/0/threaded
- http://www.securityfocus.com/bid/80695
- http://www.securitytracker.com/id/1034671
- http://www.ubuntu.com/usn/USN-2869-1
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://bto.bluecoat.com/security-advisory/sa109
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
- https://security.gentoo.org/glsa/201601-01
- https://support.apple.com/HT206167
Frequently Asked Questions
What is the severity of CVE-2016-0777?
CVE-2016-0777 has been assigned a severity rating of high due to its ability to expose sensitive information from memory.
How do I fix CVE-2016-0777?
To fix CVE-2016-0777, upgrade OpenSSH to version 7.1p2 or later.
Which software is affected by CVE-2016-0777?
CVE-2016-0777 affects OpenSSH versions 5.x, 6.x, and 7.x before 7.1p2.
What kind of information can be leaked due to CVE-2016-0777?
CVE-2016-0777 can allow remote servers to read sensitive information such as private keys from the process memory.
Is my system vulnerable if I am using OpenSSH prior to 7.1p2?
Yes, if you are using a version of OpenSSH prior to 7.1p2, your system is vulnerable to CVE-2016-0777.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sophos
- canonical/sophos unified threat management
- version/sophos unified threat management/9.318
- version/sophos unified threat management/9.353
- version/sophos unified threat management/110
- version/sophos unified threat management/120
- version/sophos unified threat management/220
- version/sophos unified threat management/320
- version/sophos unified threat management/425
- version/sophos unified threat management/525
- version/sophos unified threat management/625
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/7
- canonical/oracle solaris sparc
- version/oracle solaris sparc/11.3
- vendor/openbsd
- canonical/openssh
- version/openssh/5.0
- version/openssh/5.0-p1
- version/openssh/5.1
- version/openssh/5.1-p1
- version/openssh/5.2
- version/openssh/5.2-p1
- version/openssh/5.3
- version/openssh/5.3-p1
- version/openssh/5.4
- version/openssh/5.4-p1
- version/openssh/5.5
- version/openssh/5.5-p1
- version/openssh/5.6
- version/openssh/5.6-p1
- version/openssh/5.7
- version/openssh/5.7-p1
- version/openssh/5.8
- version/openssh/5.8-p1
- version/openssh/5.9
- version/openssh/5.9-p1
- version/openssh/6.0
- version/openssh/6.0-p1
- version/openssh/6.1
- version/openssh/6.1-p1
- version/openssh/6.2
- version/openssh/6.2-p1
- version/openssh/6.2-p2
- version/openssh/6.3
- version/openssh/6.3-p1
- version/openssh/6.4
- version/openssh/6.4-p1
- version/openssh/6.5
- version/openssh/6.5-p1
- version/openssh/6.6
- version/openssh/6.6-p1
- version/openssh/6.7
- version/openssh/6.7-p1
- version/openssh/6.8
- version/openssh/6.8-p1
- version/openssh/6.9
- version/openssh/6.9-p1
- version/openssh/7.0
- version/openssh/7.0-p1
- version/openssh/7.1
- version/openssh/7.1-p1
- vendor/hp
- canonical/hp remote device access virtual customer access system
- version/hp remote device access virtual customer access system/15.07
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.11.3