First published: Wed Jan 04 2017
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/openssh | <1:7.4 | 1:7.4 |
ubuntu/openssh | <1:7.2 | 1:7.2 |
debian/openssh | 1:8.4p1-5+deb11u3 1:9.2p1-2+deb12u2 1:9.2p1-2+deb12u3 1:9.8p1-2 | |
OpenSSH | <=7.3 | |
CVE-2016-10010 is classified as a high severity vulnerability due to its potential to allow local privilege escalation.
To fix CVE-2016-10010, upgrade OpenSSH to version 7.4 or later, where the vulnerability is no longer present.
CVE-2016-10010 affects OpenSSH versions before 7.4 when privilege separation is not enabled.
CVE-2016-10010 requires local access to the system for exploitation, making it a local privilege escalation vulnerability.
The exploitation of CVE-2016-10010 could allow an unprivileged local user to gain root privileges on the system.
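A triage check for the two conditions the advisory names (OpenSSH before 7.4, privilege separation not used), as an added example that is not part of the original advisory or of OpenSSH. It assumes the upstream version in the banner is the indicator and that privilege separation is turned off through the `UsePrivilegeSeparation` keyword; the function names and sample inputs are constructed here. Distribution packages that carry backported fixes should be compared against the package versions in the table instead.

```shell
#!/bin/sh
# Triage sketch for CVE-2016-10010: OpenSSH before 7.4 with privilege separation off.

# Exit 0 if the banner's upstream version is before 7.4, 1 if not, 2 if unparseable.
openssh_before_7_4() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
    [ -n "$ver" ] || return 2
    set -- $ver                      # $1 = major, $2 = minor
    [ "$1" -lt 7 ] || { [ "$1" -eq 7 ] && [ "$2" -lt 4 ]; }
}

# Exit 0 if the config text sets UsePrivilegeSeparation to "no".
# sshd uses the first occurrence of a keyword; keywords are case-insensitive.
privsep_disabled() {
    printf '%s\n' "$1" | awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == "useprivilegeseparation" { v = tolower($2); exit }
        END { exit !(v == "no") }'
}

# $1 = version banner (e.g. from "ssh -V"), $2 = sshd_config text.
cve_2016_10010_status() {
    rc=0
    openssh_before_7_4 "$1" || rc=$?
    case $rc in
        1) echo "not-affected"; return 0 ;;
        2) echo "unknown-version"; return 0 ;;
    esac
    if privsep_disabled "$2"; then
        echo "exposed"               # pre-7.4 and privilege separation disabled
    else
        echo "upgrade"               # pre-7.4, privilege separation still in use
    fi
}

# Constructed sample inputs (not taken from a real host).
OLD_BANNER='OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016'
NEW_BANNER='OpenSSH_7.4p1, OpenSSL 1.0.2k  26 Jan 2017'
CFG_OFF='# constructed sshd_config
Port 22
UsePrivilegeSeparation no
UsePrivilegeSeparation sandbox'
CFG_ON='Port 22
usePrivilegeSeparation = sandbox'

cve_2016_10010_status "$OLD_BANNER" "$CFG_OFF"
cve_2016_10010_status "$OLD_BANNER" "$CFG_ON"
cve_2016_10010_status "$NEW_BANNER" "$CFG_OFF"
```

A result of `upgrade` still means the host runs a release the advisory lists as affected; only the privilege-separation precondition is absent.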