CVE-2016-10011

Published: 05/01/2017 Updated: 13/12/2022
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 188
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

authfile.c in sshd in OpenSSH prior to 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

Vulnerable Product

openbsd openssh

Vendor Advisories

Several security issues were fixed in OpenSSH ...
Debian Bug report logs - #848716 openssh: CVE-2016-10011 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 19 Dec 2016 19:33:04 UTC Severity: important Tags: security, upstream Found in versio ...
Debian Bug report logs - #848714 openssh: CVE-2016-10009 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 19 Dec 2016 19:27:02 UTC Severity: important Tags: security, upstream Found in versio ...
Debian Bug report logs - #848717 openssh: CVE-2016-10012 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 19 Dec 2016 19:36:01 UTC Severity: important Tags: security, upstream Found in versio ...
Debian Bug report logs - #848715 openssh: CVE-2016-10010 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 19 Dec 2016 19:33:02 UTC Severity: important Tags: security, upstream Found in versio ...
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses (CVE-2016-6210). It was found that OpenSSH did not limit password lengths for password authentication. A remo ...
It was found that there is a theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users ...