Published: 05/01/2017 Updated: 13/12/2022

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 695

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

sshd in OpenSSH prior to 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openbsd openssh

Several security issues were fixed in OpenSSH ...

Debian Bug report logs - #848716 openssh: CVE-2016-10011 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 19 Dec 2016 19:33:04 UTC Severity: important Tags: security, upstream Found in versio ...

Debian Bug report logs - #848714 openssh: CVE-2016-10009 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 19 Dec 2016 19:27:02 UTC Severity: important Tags: security, upstream Found in versio ...

Debian Bug report logs - #848717 openssh: CVE-2016-10012 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 19 Dec 2016 19:36:01 UTC Severity: important Tags: security, upstream Found in versio ...

Debian Bug report logs - #848715 openssh: CVE-2016-10010 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 19 Dec 2016 19:33:02 UTC Severity: important Tags: security, upstream Found in versio ...

It was found that when privilege separation was disabled in OpenSSH, forwarded Unix-domain sockets would be created by sshd with root privileges instead of the privileges of the authenticated user This could allow an authenticated attacker to potentially gain root privileges on the host system Privileges separation has been enabled by default sin ...

Source: bugschromiumorg/p/project-zero/issues/detail?id=1010 This issue affects OpenSSH if privilege separation is disabled (config option UsePrivilegeSeparation=no) While privilege separation is enabled by default, it is documented as a hardening option, and therefore disabling it should not directly make a system vulnerable OpenSSH ...

CWE-264 https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce http://www.openwall.com/lists/oss-security/2016/12/19/2 https://www.openssh.com/txt/release-7.4 https://www.exploit-db.com/exploits/40962/https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637 http://www.securitytracker.com/id/1037490 http://www.securityfocus.com/bid/94972 http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc https://security.netapp.com/advisory/ntap-20171130-0002/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://nvd.nist.gov https://usn.ubuntu.com/3538-1/https://www.exploit-db.com/exploits/40962/https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

CVE-2016-10010

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Exploits

References

Vulmon Search

About

Products

Connect