CVE-2016-0778: Buffer Overflow
First published: Thu Jan 14 2016(Updated: )
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Linux | =7 | |
| Oracle Solaris SPARC | =11.3 | |
| OpenSSH | =5.4 | |
| OpenSSH | =5.4-p1 | |
| OpenSSH | =5.5 | |
| OpenSSH | =5.5-p1 | |
| OpenSSH | =5.6 | |
| OpenSSH | =5.6-p1 | |
| OpenSSH | =5.7 | |
| OpenSSH | =5.7-p1 | |
| OpenSSH | =5.8 | |
| OpenSSH | =5.8-p1 | |
| OpenSSH | =5.9 | |
| OpenSSH | =5.9-p1 | |
| OpenSSH | =6.0 | |
| OpenSSH | =6.0-p1 | |
| OpenSSH | =6.1 | |
| OpenSSH | =6.1-p1 | |
| OpenSSH | =6.2 | |
| OpenSSH | =6.2-p1 | |
| OpenSSH | =6.2-p2 | |
| OpenSSH | =6.3 | |
| OpenSSH | =6.3-p1 | |
| OpenSSH | =6.4 | |
| OpenSSH | =6.4-p1 | |
| OpenSSH | =6.5 | |
| OpenSSH | =6.5-p1 | |
| OpenSSH | =6.6 | |
| OpenSSH | =6.6-p1 | |
| OpenSSH | =6.7 | |
| OpenSSH | =6.7-p1 | |
| OpenSSH | =6.8 | |
| OpenSSH | =6.8-p1 | |
| OpenSSH | =6.9 | |
| OpenSSH | =6.9-p1 | |
| OpenSSH | =7.0 | |
| OpenSSH | =7.0-p1 | |
| OpenSSH | =7.1 | |
| OpenSSH | =7.1-p1 | |
| Apple iOS and macOS | >=10.9.0<=10.9.5 | |
| Apple iOS and macOS | >=10.10.0<=10.10.5 | |
| Apple iOS and macOS | >=10.11.0<=10.11.3 | |
| HP Virtual Customer Access System | <=15.07 | |
| Sophos Unified Threat Management | =9.353 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
- http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
- http://seclists.org/fulldisclosure/2016/Jan/44
- http://www.debian.org/security/2016/dsa-3446
- http://www.openssh.com/txt/release-7.1p2
- http://www.openwall.com/lists/oss-security/2016/01/14/7
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/archive/1/537295/100/0/threaded
- http://www.securityfocus.com/bid/80698
- http://www.securitytracker.com/id/1034671
- http://www.ubuntu.com/usn/USN-2869-1
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://bto.bluecoat.com/security-advisory/sa109
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://security.gentoo.org/glsa/201601-01
- https://support.apple.com/HT206167
Frequently Asked Questions
What is the severity of CVE-2016-0778?
CVE-2016-0778 is classified as a medium-severity vulnerability due to its potential to cause denial of service.
How do I fix CVE-2016-0778?
To fix CVE-2016-0778, upgrade OpenSSH to version 7.1p2 or later, which has addressed the vulnerability.
What types of systems are affected by CVE-2016-0778?
CVE-2016-0778 affects various systems running OpenSSH versions 5.x through 7.0, including certain distributions of Oracle Linux, Solaris, and macOS.
What impact does CVE-2016-0778 have on system security?
CVE-2016-0778 allows an attacker to exploit connection handling flaws, potentially leading to a denial of service on affected systems.
When was CVE-2016-0778 discovered?
CVE-2016-0778 was publicly disclosed in March 2016, prompting immediate attention and action from affected software vendors.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/7
- canonical/oracle solaris sparc
- version/oracle solaris sparc/11.3
- vendor/openbsd
- canonical/openssh
- version/openssh/5.4
- version/openssh/5.4-p1
- version/openssh/5.5
- version/openssh/5.5-p1
- version/openssh/5.6
- version/openssh/5.6-p1
- version/openssh/5.7
- version/openssh/5.7-p1
- version/openssh/5.8
- version/openssh/5.8-p1
- version/openssh/5.9
- version/openssh/5.9-p1
- version/openssh/6.0
- version/openssh/6.0-p1
- version/openssh/6.1
- version/openssh/6.1-p1
- version/openssh/6.2
- version/openssh/6.2-p1
- version/openssh/6.2-p2
- version/openssh/6.3
- version/openssh/6.3-p1
- version/openssh/6.4
- version/openssh/6.4-p1
- version/openssh/6.5
- version/openssh/6.5-p1
- version/openssh/6.6
- version/openssh/6.6-p1
- version/openssh/6.7
- version/openssh/6.7-p1
- version/openssh/6.8
- version/openssh/6.8-p1
- version/openssh/6.9
- version/openssh/6.9-p1
- version/openssh/7.0
- version/openssh/7.0-p1
- version/openssh/7.1
- version/openssh/7.1-p1
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.9.0
- version/apple ios and macos/10.9.5
- version/apple ios and macos/10.10.0
- version/apple ios and macos/10.10.5
- version/apple ios and macos/10.11.0
- version/apple ios and macos/10.11.3
- vendor/hp
- canonical/hp virtual customer access system
- version/hp virtual customer access system/15.07
- vendor/sophos
- canonical/sophos unified threat management
- version/sophos unified threat management/9.353