CVE-2016-10012

Published: 05/01/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 643
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH prior to 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.

Vulnerable Product

openbsd openssh

Vendor Advisories

Several security issues were fixed in OpenSSH ...
Debian Bug report logs - #848716 openssh: CVE-2016-10011 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 19 Dec 2016 19:33:04 UTC Severity: important Tags: security, upstream Found in versio ...
Debian Bug report logs - #848714 openssh: CVE-2016-10009 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 19 Dec 2016 19:27:02 UTC Severity: important Tags: security, upstream Found in versio ...
Debian Bug report logs - #848717 openssh: CVE-2016-10012 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 19 Dec 2016 19:36:01 UTC Severity: important Tags: security, upstream Found in versio ...
Debian Bug report logs - #848715 openssh: CVE-2016-10010 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 19 Dec 2016 19:33:02 UTC Severity: important Tags: security, upstream Found in versio ...
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses (CVE-2016-6210). It was found that OpenSSH did not limit password lengths for password authentication. A remo ...
It was found that the shared memory manager used by pre-authentication compression support had a bounds check that could be elided by some optimizing compilers. Additionally, this memory manager was incorrectly accessible when pre-authentication compression was disabled. This could potentially allow attacks against the privileged monitor process f ...