CVE-2016-0778

Published: 14/01/2016 Updated: 13/12/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 411
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Summary

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x prior to 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Vulnerable Product

oracle solaris 11.3

oracle linux 7

openbsd openssh 5.4

openbsd openssh 5.5

openbsd openssh 6.6

openbsd openssh 6.7

openbsd openssh 6.2

openbsd openssh 6.9

openbsd openssh 6.8

openbsd openssh 5.7

openbsd openssh 6.0

openbsd openssh 6.3

openbsd openssh 6.1

openbsd openssh 5.9

openbsd openssh 6.5

openbsd openssh 7.0

openbsd openssh 5.6

openbsd openssh 7.1

openbsd openssh 5.8

openbsd openssh 6.4

apple mac os x

hp virtual customer access system

sophos unified threat management software 9.353

Vendor Advisories

OpenSSH could be made to expose sensitive information over the network ...
Debian Bug report logs - #810984 openssh-client: CVE-2016-0777. Package: openssh-client; Maintainer for openssh-client is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for openssh-client is src:openssh (PTS, buildd, popcon). Reported by: Christoph Anton Mitterer <calestyo@scientia.net>. Date: Thu, 14 ...
The Qualys Security team discovered two vulnerabilities in the roaming code of the OpenSSH client (an implementation of the SSH protocol suite). SSH roaming enables a client, in case an SSH connection breaks unexpectedly, to resume it at a later time, provided the server also supports it. The OpenSSH server doesn't support roaming, but the OpenSSH ...
An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client. A buffer overflow flaw was found in the way the OpenSSH client roaming feature was imple ...
A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options ...

Github Repositories

puppet-module-ssh: Manage ssh client and server. The module uses exported resources to manage ssh keys and removes ssh keys that are not managed by puppet. This behavior is managed by the parameters `ssh_key_ensure` and `purge_keys`. This module may be used with a simple `include ::ssh`. The `ssh::config_entry` defined type may be used directly and is used to manage Host entries in a per

This contains the commands crash course of Linux OS.

Command Line hands on Usage Clear history: `ctrl + l` Clear everything left from current cursor position: `ctrl + u` Clear everything right from current cursor position: `ctrl + k` Re-call last input with sudo: `sudo !!` Stop current process: `ctrl + c` Jump to left: `ctrl + a` Jump to right: `ctrl + e` Help: `help cd` / `help dir` () Finding Help: `apropos directory` / `

Secure your SSH with ~/.ssh/config

ssh-config: SSH client configuration. Secure your SSH with ~/.ssh/config. This guide aims to give you an understanding of your SSH-configuration. It contains useful information about finding your default configuration. As well as best practices to setup your own sane defaults. Beginning users should be able to walk through this guide. If not, please open an Issue on this Github pa

fabric2: fabric2 is the upgrade from fabric1. Why use fabric2? The whole purpose of fabric is to allow you to perform tasks on infrastructure. Running commands inside of ec2 instances (including magento2 deployments). Running commands inside docker containers. Running magento2 bin commands. All of the above, across multiple instances, via instance discovery, all, in parallel. fabri

Recent Articles

Juniper patches OpenSSH's 'roaming' bug in Junos OS
The Register • Richard Chirgwin • 05 May 2016

Screen OS not affected

The next vendor to kill off the OpenSSH roaming bug announced in January is Juniper Networks. The bug's best bit, as we noted at the time, was that the roaming feature had been added as an experiment back in 2010 (in version 5.4), and was undocumented. The idea of roaming is to maintain an OpenSSH session if there was a connection interruption – which happens quite often in the mobile world, when for example a client moves between cell towers / base stations. In its analysis of the bug, Qualys...

Evil OpenSSH servers can steal your private login keys to other systems – patch now
The Register • Iain Thomson in San Francisco • 14 Jan 2016

And consider regenerating your keys just in case

Malicious OpenSSH servers can silently steal people's private SSH keys as they try to login, it emerged today. This means criminals who compromise one server can secretly grab keys needed to log into other systems from a user's computer – allowing crooks to jump from server to server. The security cockup, present in the default configuration of OpenSSH, has been patched today, and all users and administrators are urged to update as soon as possible. SSH keys are an alternative to passwords: yo...

References

CWE-119
http://www.openssh.com/txt/release-7.1p2
http://www.openwall.com/lists/oss-security/2016/01/14/7
https://support.apple.com/HT206167
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/80698
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
http://seclists.org/fulldisclosure/2016/Jan/44
https://bto.bluecoat.com/security-advisory/sa109
http://www.debian.org/security/2016/dsa-3446
http://www.ubuntu.com/usn/USN-2869-1
https://security.gentoo.org/glsa/201601-01
http://www.securitytracker.com/id/1034671
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://www.securityfocus.com/archive/1/537295/100/0/threaded
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://usn.ubuntu.com/2869-1/
https://nvd.nist.gov
https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21
https://www.kb.cert.org/vuls/id/456088