- Vulnerability/
- USN-3538-1
USN-3538-1: OpenSSH vulnerabilities
First published: Mon Jan 22 2018(Updated: )
Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10009) Jann Horn discovered that OpenSSH incorrectly handled permissions on Unix-domain sockets when privilege separation is disabled. A local attacker could possibly use this issue to gain privileges. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10010) Jann Horn discovered that OpenSSH incorrectly handled certain buffer memory operations. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10011) Guido Vranken discovered that OpenSSH incorrectly handled certain shared memory manager operations. A local attacker could possibly use issue to gain privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10012) Michal Zalewski discovered that OpenSSH incorrectly prevented write operations in readonly mode. A remote attacker could possibly use this issue to create zero-length files, leading to a denial of service. (CVE-2017-15906)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/openssh-server | <1:7.5p1-10ubuntu0.1 | 1:7.5p1-10ubuntu0.1 |
| Ubuntu Linux | =17.10 | |
| All of | ||
| ubuntu/openssh-server | <1:7.2p2-4ubuntu2.4 | 1:7.2p2-4ubuntu2.4 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/openssh-server | <1:6.6p1-2ubuntu2.10 | 1:6.6p1-2ubuntu2.10 |
| Ubuntu Linux | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2016-10009
- https://ubuntu.com/security/CVE-2016-10010
- https://ubuntu.com/security/CVE-2016-10011
- https://ubuntu.com/security/CVE-2016-10012
- https://ubuntu.com/security/CVE-2017-15906
- https://launchpad.net/ubuntu/+source/openssh/1:7.5p1-10ubuntu0.1
- https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.4
- https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.10
- https://ubuntu.com/security/notices/USN-3538-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-3538-1?
USN-3538-1 is classified as a medium severity vulnerability.
How do I fix USN-3538-1?
To fix USN-3538-1, you should upgrade your OpenSSH server to a version that is not affected.
Which versions of Ubuntu are affected by USN-3538-1?
USN-3538-1 affects Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.10.
What is the nature of the vulnerability in USN-3538-1?
The vulnerability in USN-3538-1 allows a remote attacker to potentially execute arbitrary PKCS#11 modules from untrusted directories.
Who discovered the vulnerability associated with USN-3538-1?
The vulnerability associated with USN-3538-1 was discovered by Jann Horn.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/references
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu linux
- version/ubuntu linux/17.10
- version/ubuntu linux/16.04
- version/ubuntu linux/14.04