CVE-2016-0778
HIGH severity · CVSS 8.1 · Memory corruption
Summary
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Impact & exploitability
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality impact: High
Integrity impact: High
Availability impact: High
Exploit probability (EPSS): 20%
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Recommendation
Apply the vendor fix promptly.
Additional information
- NVD record
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 (Advisory)
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html (Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html (Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html (Advisory)