CVE-2016-0777

{"id": "CVE-2016-0777", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2016-01-14T22:59:01.140", "references": [{"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://seclists.org/fulldisclosure/2016/Jan/44", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2016/dsa-3446", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openssh.com/txt/release-7.1p2", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/80695", "tags": ["VDB Entry", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1034671", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-2869-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bto.bluecoat.com/security-advisory/sa109", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201601-01", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://support.apple.com/HT206167", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key."}, {"lang": "es", "value": "La funci\u00f3n resend_bytes en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2 permite a servidores remotos obtener informaci\u00f3n sensible desde la memoria de proceso mediante la petici\u00f3n de transmisi\u00f3n de un buffer completo, seg\u00fan lo demostrado mediante la lectura de una clave privada."}], "lastModified": "2022-12-13T12:15:18.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sophos:unified_threat_management_software:9.318:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFA93870-577B-4D53-A61D-22E024F96B16"}, {"criteria": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9857D3A8-7942-4624-B3D6-9943D34030B8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sophos:unified_threat_management:110:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E9D7BF2E-1DEB-474A-8DEE-0A2D1A9B1A77"}, {"criteria": "cpe:2.3:h:sophos:unified_threat_management:120:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE59783E-6A2D-4777-9BA2-8527DA6B32BA"}, {"criteria": "cpe:2.3:h:sophos:unified_threat_management:220:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "646FEB9F-2F54-4946-9687-C2EC28144C97"}, {"criteria": "cpe:2.3:h:sophos:unified_threat_management:320:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57654458-F143-4D70-9D52-0A242F3177A1"}, {"criteria": "cpe:2.3:h:sophos:unified_threat_management:425:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A6527EC0-536E-4BF0-9949-8FA4A4E64688"}, {"criteria": "cpe:2.3:h:sophos:unified_threat_management:525:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21A9EA52-E9F1-4267-86BC-570ED1ECC7B1"}, {"criteria": "cpe:2.3:h:sophos:unified_threat_management:625:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "280976E2-D7A8-43B7-A57C-66920BC91DAB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B"}, {"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52D13E08-7B08-44AA-9017-3EE3F6301E10"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "727CC471-6473-4C8D-8D1A-D8B3C6AB21CD"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FBC7FF1-01EE-40A1-8735-14360A371803"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CEDBF5F-23BD-4A60-926A-B822D5E3BFB5"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "987527F8-8A42-4729-A329-4D2AC8AFD6E1"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAF922B2-2FE6-4401-A4F1-914C637F5450"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93910448-8D6F-4F7E-9C7F-959754ABA50D"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4ECE74F4-8E7B-42FA-A2DD-2EE0681DA4B6"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA9D704A-D1E7-4989-9136-1EAD72EF6BE5"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78735121-6BA0-4158-B3D5-E4BACCA5E95A"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "270BABBA-70A8-4FC7-962D-0D0D40F4497F"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A710EC9F-1352-4DF0-B1CF-9C51ACB078CB"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA4F797B-8E2C-41AC-AA29-D6B50A539B2F"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F482203-0CF1-403C-A25C-9B0DA24F6282"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E74684E-71D3-4458-A8BA-5248982273F3"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F3D478C-221F-4A07-8520-CD8856A75DCA"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B018B05B-1311-4E0F-A9D0-620C1BF904A1"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "728372F8-6561-473D-B54D-1DB41DA1CF55"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11BDA49F-C3E7-4D32-8105-E75525BFB2D4"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE153B9F-721D-42ED-A662-C2597B7BF073"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "254243DD-2E3E-48ED-A92C-8F4FD405DA57"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCF734D8-1F01-498C-A917-5B528BFD9CAA"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A8ABE51-1535-44D9-B2A1-CC91021A29D9"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "492F661C-45E4-4B9B-AD26-1873D91DBEA6"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "546EB570-C2AC-473B-BED8-C47167D2593A"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2C8269-9C66-4E41-A56C-ACC709DC2053"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64382F2C-15AC-41FE-A936-CEB44C1AFB9F"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20B099B9-3D7E-47A4-94A5-B89759189D26"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65A8629A-CFAE-4403-BEE7-622912483702"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50836FA3-8116-4D58-B73E-B4830FB3A551"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0607649-62FE-41CB-9444-53CD9C5B67C0"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3397D8DC-3410-401F-8854-BFCC35AD6686"}, {"criteria": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B0FB8D5-75CB-4691-AB9F-B4FA46973421"}, {"criteria": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42DCED2D-76C5-49D1-A72D-E578CF686F5A"}, {"criteria": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67E1B240-BD86-41D3-BAC1-96005CB31DEE"}, {"criteria": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BFC8587-FB9E-4FE2-B725-81CE3CE590F8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:remote_device_access_virtual_customer_access_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E172D760-1D72-4712-8A80-E9FB5B076E7F", "versionEndIncluding": "15.07"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82", "versionEndIncluding": "10.11.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}